"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:26:38,5795364","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,5818637","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:38,5828238","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:38,6007574","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:38,6030470","Explorer.EXE","2816","ReadFile","C:\Windows\System32\uxtheme.dll","SUCCESS","Offset: 311.296, Length: 15.360, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,6054947","Explorer.EXE","2816","ReadFile","C:\Windows\System32\uxtheme.dll","SUCCESS","Offset: 307.200, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,6070995","Explorer.EXE","2816","ReadFile","C:\Windows\System32\uxtheme.dll","SUCCESS","Offset: 289.280, Length: 8.704, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,6088619","Explorer.EXE","2816","ReadFile","C:\Windows\explorer.exe","SUCCESS","Offset: 985.600, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,6103095","Explorer.EXE","2816","ReadFile","C:\Windows\explorer.exe","SUCCESS","Offset: 969.216, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,6117528","Explorer.EXE","2816","ReadFile","C:\Windows\explorer.exe","SUCCESS","Offset: 926.208, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,6131948","Explorer.EXE","2816","ReadFile","C:\Windows\explorer.exe","SUCCESS","Offset: 961.024, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,6188539","Explorer.EXE","2816","RegOpenKey","HKLM\Software\Microsoft\Windows\Tablet PC\","SUCCESS","Desired Access: Read"
"12:26:38,6204988","Explorer.EXE","2816","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Windows\Tablet PC\IsTabletPC","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:38,6215811","Explorer.EXE","2816","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Windows\Tablet PC","SUCCESS",""
"12:26:38,6378922","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,6402210","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: ANCI"
"12:26:38,6407831","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:38,6427084","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,6441508","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:38,6451962","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:38,6517235","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,6545309","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:38,6559323","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:38,6605464","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,6620714","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:38,6630347","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:38,6706984","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,6719817","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:38,6728242","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:38,6872563","ALMon.exe","1560","ReadFile","C:\Windows\System32\wow64.dll","SUCCESS","Offset: 236.032, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,6873370","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,6891013","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: ANCI"
"12:26:38,6896630","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:38,6903581","ALMon.exe","1560","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:38,6915612","ALMon.exe","1560","RegOpenKey","HKLM\Software\Wow6432Node\Sophos\SAVService\PP","SUCCESS","Desired Access: Read"
"12:26:38,6926019","ALMon.exe","1560","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:38,6933241","ALMon.exe","1560","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:26:38,6950893","ALMon.exe","1560","RegCreateKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP\Message","ACCESS DENIED","Desired Access: Query Value, Notify"
"12:26:38,7000146","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,7012168","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: DNCI"
"12:26:38,7013913","ALMon.exe","1560","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:26:38,7016609","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:38,7021125","ALMon.exe","1560","RegCreateKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP\Message","ACCESS DENIED","Desired Access: Query Value, Notify"
"12:26:38,7073811","ALMon.exe","1560","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP","SUCCESS",""
"12:26:38,7074763","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,7085590","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:38,7090013","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:38,7205957","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,7216789","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:38,7221216","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:38,7322316","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,7330946","Explorer.EXE","2816","ReadFile","C:\Windows\System32\ExplorerFrame.dll","SUCCESS","Offset: 1.402.368, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,7333530","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:38,7337948","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:38,7357849","Explorer.EXE","2816","ReadFile","C:\Windows\System32\ExplorerFrame.dll","SUCCESS","Offset: 1.381.888, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,7377325","Explorer.EXE","2816","ReadFile","C:\Windows\System32\ExplorerFrame.dll","SUCCESS","Offset: 1.365.504, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,7398854","Explorer.EXE","2816","ReadFile","C:\Windows\System32\ExplorerFrame.dll","SUCCESS","Offset: 1.361.408, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,7424223","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,7429499","Explorer.EXE","2816","ReadFile","C:\Windows\System32\ExplorerFrame.dll","SUCCESS","Offset: 1.327.104, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,7435036","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:38,7439878","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:38,7457036","Explorer.EXE","2816","ReadFile","C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll","SUCCESS","Offset: 1.714.176, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,7490895","Explorer.EXE","2816","ReadFile","C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll","SUCCESS","Offset: 1.697.792, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,7509611","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,7510549","Explorer.EXE","2816","ReadFile","C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll","SUCCESS","Offset: 1.689.600, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,7527650","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:38,7530743","Explorer.EXE","2816","ReadFile","C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll","SUCCESS","Offset: 1.643.520, Length: 12.288, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:38,7533664","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:38,7555319","Explorer.EXE","2816","RegOpenKey","HKLM\Software\Microsoft\Windows\Tablet PC\","SUCCESS","Desired Access: Read"
"12:26:38,7575793","Explorer.EXE","2816","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Windows\Tablet PC\IsTabletPC","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:38,7593436","Explorer.EXE","2816","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Windows\Tablet PC","SUCCESS",""
"12:26:38,7619528","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,7631974","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:38,7637581","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:38,7731875","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,7748305","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:38,7754715","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:38,7821737","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,7834948","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:38,7841400","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:38,7863055","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,7878692","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:38,7899941","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,7915214","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:38,7920439","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:38,7922869","Explorer.EXE","2816","RegOpenKey","HKLM\Software\Microsoft\Windows\Tablet PC\","SUCCESS","Desired Access: Read"
"12:26:38,7942103","Explorer.EXE","2816","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Windows\Tablet PC\IsTabletPC","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:38,7960129","Explorer.EXE","2816","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Windows\Tablet PC","SUCCESS",""
"12:26:38,7968563","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,7989219","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:38,7999646","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:38,8022388","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:26:38,8030799","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7000000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:26:38,8038818","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:38,8070526","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,8086172","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:38,8092978","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:38,8138733","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:38,8245771","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,8261026","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: ANCI"
"12:26:38,8267827","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:38,8289911","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,8304331","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:38,8315979","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:38,8388077","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,8404922","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:38,8428163","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:38,8481531","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,8494779","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:38,8504795","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:38,8517069","Explorer.EXE","2816","RegOpenKey","HKLM\Software\Microsoft\Windows\Tablet PC\","SUCCESS","Desired Access: Read"
"12:26:38,8533112","Explorer.EXE","2816","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Windows\Tablet PC\IsTabletPC","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:38,8552943","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,8553162","Explorer.EXE","2816","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Windows\Tablet PC","SUCCESS",""
"12:26:38,8567012","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:38,8577439","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:38,8656352","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,8677190","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: ANCI"
"12:26:38,8683633","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:38,8764650","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,8779097","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: DNCI"
"12:26:38,8784723","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:38,8852538","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,8864961","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:38,8870186","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:38,8937171","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,8951208","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:38,8956824","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:38,9021444","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,9033489","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:38,9038294","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:38,9104075","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,9116498","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:38,9122124","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:38,9193960","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,9207186","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:38,9213222","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:38,9296021","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,9309657","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:38,9314490","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:38,9385510","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,9397517","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:38,9401949","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:38,9462534","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,9474149","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:38,9479379","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:38,9495035","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,9507070","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:38,9526724","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,9543942","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:38,9549186","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:38,9588885","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,9604536","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:38,9611767","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:38,9629820","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:26:38,9637056","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7000000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:26:38,9653075","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:38,9713674","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:26:38,9814648","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,9828713","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: ANCI"
"12:26:38,9834292","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:38,9852761","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,9866014","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:38,9876856","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:38,9920986","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:38,9933395","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:38,9943444","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:39,0018690","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,0035545","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:39,0053220","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:39,0121801","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,0137452","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:39,0158323","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:39,0224655","Explorer.EXE","2816","RegOpenKey","HKLM\Software\Microsoft\Windows\Tablet PC\","SUCCESS","Desired Access: Read"
"12:26:39,0236681","Explorer.EXE","2816","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Windows\Tablet PC\IsTabletPC","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:39,0247504","Explorer.EXE","2816","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Windows\Tablet PC","SUCCESS",""
"12:26:39,0277210","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,0292857","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: ANCI"
"12:26:39,0298870","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:39,0378991","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,0393014","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: DNCI"
"12:26:39,0398626","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:39,0466045","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,0477689","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:39,0483282","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:39,0562284","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,0579964","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:39,0586360","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:39,0666225","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,0681064","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:39,0687469","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:39,0692675","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,0697242","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:39,0700704","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975888, endtime: 975888, seqnum: 0, connid: 0"
"12:26:39,0708172","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:39,0715431","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:39,0722247","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:39,0727467","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:39,0733060","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:39,0739493","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:39,0751650","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,0758041","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,0762072","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,0765715","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,0766102","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,0770105","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,0775311","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 975888, endtime: 975889, seqnum: 0, connid: 0"
"12:26:39,0779738","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:39,0785341","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:39,0833362","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:39,0847954","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,0856641","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 224, Length: 4.096"
"12:26:39,0859999","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:39,0865201","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:39,0865887","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 4.096, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:39,0925771","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,0934747","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:39,0938619","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:39,0945425","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:39,1015666","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,1029274","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:39,1032665","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.497.426, Length: 16.200"
"12:26:39,1035319","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:39,1041883","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.507.328, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:39,1043292","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1051717","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975889, endtime: 975889, seqnum: 0, connid: 0"
"12:26:39,1102659","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:39,1115665","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1120717","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:39,1121141","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,1121300","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1124920","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1128535","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1131148","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 8.192, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:39,1132519","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1137175","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:39,1140170","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1144966","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975889, endtime: 975889, seqnum: 0, connid: 0"
"12:26:39,1146015","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:39,1159628","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:39,1168487","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,1175708","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:39,1184114","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,1191340","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:39,1204999","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,1205797","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:39,1220240","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:39,1221052","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:39,1226640","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,1235079","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:39,1260658","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:39,1271578","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,1274270","svchost.exe","588","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.089.024, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:39,1281123","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:39,1290845","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:39,1298752","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:39,1302890","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:39,1311315","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:39,1317309","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:39,1334173","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:39,1334966","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:39,1342622","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:26:39,1350995","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:39,1351714","svchost.exe","588","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:39,1355035","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:39,1363749","svchost.exe","588","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:39,1367071","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:39,1374610","svchost.exe","588","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\eventlog\System\Service Control Manager","REPARSE","Desired Access: Query Value"
"12:26:39,1383128","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:39,1384630","svchost.exe","588","RegOpenKey","HKLM\System\CurrentControlSet\Services\eventlog\System\Service Control Manager","SUCCESS","Desired Access: Query Value"
"12:26:39,1395835","svchost.exe","588","RegCloseKey","HKLM","SUCCESS",""
"12:26:39,1399189","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:39,1403061","svchost.exe","588","RegQueryValue","HKLM\System\CurrentControlSet\services\eventlog\System\Service Control Manager\ProviderGuid","SUCCESS","Type: REG_SZ, Length: 78, Data: {555908d1-a6d7-4695-8e1e-26931d2012f4}"
"12:26:39,1413105","svchost.exe","588","RegCloseKey","HKLM\System\CurrentControlSet\services\eventlog\System\Service Control Manager","SUCCESS",""
"12:26:39,1415246","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:39,1419902","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1427912","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975889, endtime: 975889, seqnum: 0, connid: 0"
"12:26:39,1430487","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:39,1445793","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:39,1462316","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:39,1478387","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:39,1486103","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1491734","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1494421","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:39,1496114","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1499753","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1503751","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1510058","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:39,1510967","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1515805","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975889, endtime: 975889, seqnum: 0, connid: 0"
"12:26:39,1525732","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:39,1541360","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:39,1556596","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:39,1571053","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:39,1583210","svchost.exe","588","CreateFile","C:\Windows\System32\services.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,1585482","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:39,1600354","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:39,1615594","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:39,1631226","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:39,1646864","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:39,1654598","svchost.exe","588","QueryBasicInformationFile","C:\Windows\System32\services.exe","SUCCESS","CreationTime: 14.07.2009 01:19:46, LastAccessTime: 14.07.2009 01:19:46, LastWriteTime: 14.07.2009 03:39:37, ChangeTime: 11.05.2013 14:07:38, FileAttributes: A"
"12:26:39,1662515","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:39,1663032","svchost.exe","588","CloseFile","C:\Windows\System32\services.exe","SUCCESS",""
"12:26:39,1677382","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:39,1691424","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:39,1705055","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:39,1718317","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:39,1733161","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:39,1745267","svchost.exe","588","CreateFile","C:\Windows\System32\services.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,1751196","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:39,1768891","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:39,1786128","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:39,1802180","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:39,1804088","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1810918","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1814696","svchost.exe","588","QueryNetworkOpenInformationFile","C:\Windows\System32\services.exe","SUCCESS","CreationTime: 14.07.2009 01:19:46, LastAccessTime: 14.07.2009 01:19:46, LastWriteTime: 14.07.2009 03:39:37, ChangeTime: 11.05.2013 14:07:38, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A"
"12:26:39,1815335","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:39,1816744","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:39,1821325","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975890, endtime: 975890, seqnum: 0, connid: 0"
"12:26:39,1825132","svchost.exe","588","CreateFileMapping","C:\Windows\System32\services.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
"12:26:39,1832834","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 184.320, Length: 4.096"
"12:26:39,1848895","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 188.416, Length: 4.096"
"12:26:39,1865713","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 192.512, Length: 4.096"
"12:26:39,1867495","svchost.exe","588","CreateFileMapping","C:\Windows\System32\services.exe","SUCCESS","SyncType: SyncTypeOther"
"12:26:39,1881387","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 196.608, Length: 4.096"
"12:26:39,1881518","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1887148","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1891137","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1894374","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1897971","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,1904409","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:39,1906009","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 200.704, Length: 4.096"
"12:26:39,1909218","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 975890, endtime: 975890, seqnum: 0, connid: 0"
"12:26:39,1927697","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 204.800, Length: 4.096"
"12:26:39,1949342","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 208.896, Length: 4.096"
"12:26:39,1955617","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:39,1959773","svchost.exe","588","Load Image","C:\Windows\System32\services.exe","SUCCESS","Image Base: 0xff450000, Image Size: 0x53000"
"12:26:39,1967400","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 212.992, Length: 4.096"
"12:26:39,1969010","svchost.exe","588","CloseFile","C:\Windows\System32\services.exe","SUCCESS",""
"12:26:39,1987707","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 217.088, Length: 4.096"
"12:26:39,2006950","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 221.184, Length: 4.096"
"12:26:39,2023007","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 225.280, Length: 4.096"
"12:26:39,2041042","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 229.376, Length: 4.096"
"12:26:39,2056707","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 233.472, Length: 4.096"
"12:26:39,2056749","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,2071532","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 237.568, Length: 4.096"
"12:26:39,2071565","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: DNCI"
"12:26:39,2077583","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:39,2087198","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 241.664, Length: 4.096"
"12:26:39,2094442","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,2103231","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 245.760, Length: 4.096"
"12:26:39,2107262","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:39,2118131","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,2118906","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 249.856, Length: 4.096"
"12:26:39,2135336","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 253.952, Length: 4.096"
"12:26:39,2152237","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 258.048, Length: 4.096"
"12:26:39,2158222","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,2168303","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 262.144, Length: 4.096"
"12:26:39,2171489","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:39,2173719","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2181342","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975890, endtime: 975890, seqnum: 0, connid: 0"
"12:26:39,2182289","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:39,2184346","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 266.240, Length: 4.096"
"12:26:39,2187257","svchost.exe","588","ReadFile","C:\Windows\System32\winevt\Logs\System.evtx","SUCCESS","Offset: 11.997.184, Length: 65.536"
"12:26:39,2199582","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 270.336, Length: 4.096"
"12:26:39,2215653","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 274.432, Length: 4.096"
"12:26:39,2221223","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,2231682","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 278.528, Length: 4.096"
"12:26:39,2233478","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2233655","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:39,2239076","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2242691","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2246302","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2248345","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:39,2249810","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:39,2250337","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2256747","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2259047","svchost.exe","588","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:39,2260763","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975890, endtime: 975890, seqnum: 0, connid: 0"
"12:26:39,2266315","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 286.720, Length: 4.096"
"12:26:39,2269114","svchost.exe","588","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:39,2276722","svchost.exe","588","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT","SUCCESS","Desired Access: Read"
"12:26:39,2282339","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 290.816, Length: 4.096"
"12:26:39,2288632","svchost.exe","588","RegCloseKey","HKLM","SUCCESS",""
"12:26:39,2297860","svchost.exe","588","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT","SUCCESS","Query: Cached, SubKeys: 3, Values: 0"
"12:26:39,2299600","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 294.912, Length: 4.096"
"12:26:39,2308272","svchost.exe","588","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT","SUCCESS",""
"12:26:39,2315652","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 299.008, Length: 4.096"
"12:26:39,2316725","svchost.exe","588","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:39,2318456","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,2325518","svchost.exe","588","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:39,2329689","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 303.104, Length: 4.096"
"12:26:39,2332768","svchost.exe","588","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Desired Access: Read"
"12:26:39,2333281","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:39,2345177","svchost.exe","588","RegCloseKey","HKLM","SUCCESS",""
"12:26:39,2345340","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:39,2345746","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 307.200, Length: 4.096"
"12:26:39,2352025","svchost.exe","588","RegQueryKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Query: Cached, SubKeys: 453, Values: 0"
"12:26:39,2360025","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 0, Name: {0063715b-eeda-4007-9429-ad526f62696e}"
"12:26:39,2362195","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 311.296, Length: 4.096"
"12:26:39,2366454","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 1, Name: {01090065-b467-4503-9b28-533766761087}"
"12:26:39,2370890","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 2, Name: {01578f96-c270-4602-ade0-578d9c29fc0c}"
"12:26:39,2375667","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 3, Name: {017247f2-7e96-11dc-8314-0800200c9a66}"
"12:26:39,2377832","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 315.392, Length: 4.096"
"12:26:39,2380094","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 4, Name: {017ba13c-9a55-4f1f-8200-323055aac810}"
"12:26:39,2384125","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 5, Name: {01979c6a-42fa-414c-b8aa-eee2c8202018}"
"12:26:39,2388533","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 6, Name: {02012a8a-adf5-4fab-92cb-ccb7bb3e689a}"
"12:26:39,2392274","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 319.488, Length: 4.096"
"12:26:39,2393329","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 7, Name: {030f2f57-abd0-4427-bcf1-3a3587d7dc7d}"
"12:26:39,2397369","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 8, Name: {04268430-d489-424d-b914-0cff741d6684}"
"12:26:39,2402178","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 9, Name: {04d66358-c4a1-419b-8023-23b73902de2c}"
"12:26:39,2406321","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 323.584, Length: 4.096"
"12:26:39,2406993","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 10, Name: {05921578-2261-42c7-a0d3-26ddbce6c50d}"
"12:26:39,2411410","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 11, Name: {059c3e04-5535-4929-85e1-93030e78f47b}"
"12:26:39,2415814","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 12, Name: {05d7b0f0-2121-4eff-bf6b-ed3f69b894d7}"
"12:26:39,2420754","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 327.680, Length: 4.096"
"12:26:39,2423161","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 13, Name: {06184c97-5201-480e-92af-3a3626c5b140}"
"12:26:39,2431185","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 14, Name: {06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb}"
"12:26:39,2431852","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,2433061","csrss.exe","720","ReadFile","C:\Windows\System32\sxssrv.dll","SUCCESS","Offset: 28.672, Length: 1.536, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:39,2436405","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 331.776, Length: 4.096"
"12:26:39,2437614","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 15, Name: {07de7879-1c96-41ce-afbd-c659a0e8e643}"
"12:26:39,2447228","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 16, Name: {08466062-aed4-4834-8b04-cddb414504e5}"
"12:26:39,2449925","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: DNCI"
"12:26:39,2451100","csrss.exe","720","ReadFile","C:\Windows\System32\basesrv.dll","SUCCESS","Offset: 49.664, Length: 1.536, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:39,2453661","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 335.872, Length: 4.096"
"12:26:39,2454058","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 17, Name: {0888e5ef-9b98-4695-979d-e92ce4247224}"
"12:26:39,2459567","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:39,2461270","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 18, Name: {093da50c-0bb9-4d7d-b95c-3bb9fcda5ee8}"
"12:26:39,2467148","csrss.exe","720","ReadFile","C:\Windows\System32\csrsrv.dll","SUCCESS","Offset: 35.840, Length: 1.024, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:39,2467297","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 19, Name: {09608c12-c1da-4104-a6fe-b959cf57560a}"
"12:26:39,2468515","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 339.968, Length: 4.096"
"12:26:39,2473287","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 20, Name: {099614a5-5dd7-4788-8bc9-e29f43db28fc}"
"12:26:39,2478908","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 21, Name: {09ec9687-d7ad-40ca-9c5e-78a04a5ae993}"
"12:26:39,2479986","csrss.exe","720","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\SideBySide\PublisherPolicyChangeTime","SUCCESS","Type: REG_QWORD, Length: 8, Data: "
"12:26:39,2484133","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 344.064, Length: 4.096"
"12:26:39,2486531","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 22, Name: {0a88862d-20a3-4c1f-b76f-162c55adbf93}"
"12:26:39,2494988","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 23, Name: {0bd3506a-9030-4f76-9b88-3e8fe1f7cfb6}"
"12:26:39,2501379","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 24, Name: {0c478c5b-0351-41b1-8c58-4a6737da32e3}"
"12:26:39,2505303","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 348.160, Length: 4.096"
"12:26:39,2507393","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 25, Name: {0d4fdc09-8c27-494a-bda0-505e4fd8adae}"
"12:26:39,2515053","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 26, Name: {0d759f0f-cff9-4902-8867-eb9e29d7a98b}"
"12:26:39,2521066","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 27, Name: {0dd4d48e-2bbf-452f-a7ec-ba3dba8407ae}"
"12:26:39,2524303","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 352.256, Length: 4.096"
"12:26:39,2527070","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 28, Name: {0f177893-4a9c-4709-b921-f432d67f43d5}"
"12:26:39,2533074","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 29, Name: {0f67e49f-fe51-4e9f-b490-6f2948cc6027}"
"12:26:39,2539119","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 30, Name: {11a377e3-be1e-4ee7-abda-81c6eda62e71}"
"12:26:39,2540771","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 356.352, Length: 4.096"
"12:26:39,2541391","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,2545133","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 31, Name: {11a75546-3234-465e-bec8-2d301cb501ac}"
"12:26:39,2550745","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 32, Name: {11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78}"
"12:26:39,2551407","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2555027","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: DNCI"
"12:26:39,2556739","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 33, Name: {122ee297-bb47-41ae-b265-1ca8d1886d40}"
"12:26:39,2556786","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 360.448, Length: 4.096"
"12:26:39,2557425","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2561045","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:39,2561068","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:39,2562379","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 34, Name: {127e0dc5-e13b-4935-985e-78fd508b1d80}"
"12:26:39,2565826","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975890, endtime: 975890, seqnum: 0, connid: 0"
"12:26:39,2568392","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 35, Name: {13480a22-d79f-4334-9d32-aa239398ad3c}"
"12:26:39,2571728","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 364.544, Length: 4.096"
"12:26:39,2574018","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 36, Name: {134ea407-755d-4a93-b8a6-f290cd155023}"
"12:26:39,2579229","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 37, Name: {13b197bd-7cee-4b4e-8dd0-59314ce374ce}"
"12:26:39,2584449","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 38, Name: {1418ef04-b0b4-4623-bf7e-d74ab47bbdaa}"
"12:26:39,2586954","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 368.640, Length: 4.096"
"12:26:39,2595976","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 39, Name: {155cb334-3d7f-4ff1-b107-df8afc3c0363}"
"12:26:39,2603394","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 372.736, Length: 4.096"
"12:26:39,2605199","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 40, Name: {15a7a4f8-0072-4eab-abad-f98a4d666aed}"
"12:26:39,2611627","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 41, Name: {15ca44ff-4d7a-4baa-bba5-0998955e531e}"
"12:26:39,2618018","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 42, Name: {17d6e590-f5fe-11dc-95ff-0800200c9a66}"
"12:26:39,2619451","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 376.832, Length: 4.096"
"12:26:39,2624433","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 43, Name: {17e92e2a-3d08-413e-baeb-a79a262bf486}"
"12:26:39,2630087","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 44, Name: {17f14a23-551d-40cc-a086-e4194d64ed4c}"
"12:26:39,2633231","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2634075","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,2635550","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 380.928, Length: 4.096"
"12:26:39,2636081","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 45, Name: {18f4a5fd-fd3b-40a5-8fc2-e5d261c5d02e}"
"12:26:39,2639650","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2644072","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2648108","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2649325","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:39,2652096","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2652469","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 385.024, Length: 4.096"
"12:26:39,2655744","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:39,2659318","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:39,2659369","DllHost.exe","6736","Thread Exit","","SUCCESS","Thread ID: 10056, User Time: 0.0312002, Kernel Time: 0.0936006"
"12:26:39,2660652","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 46, Name: {192ede41-9175-4c86-ac02-9d003c9d43ab}"
"12:26:39,2664944","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 975890, endtime: 975890, seqnum: 0, connid: 0"
"12:26:39,2668503","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 389.120, Length: 4.096"
"12:26:39,2673784","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 47, Name: {199fe037-2b82-40a9-82ac-e1d46c792b99}"
"12:26:39,2681822","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 48, Name: {19d2c934-ee9b-49e5-aaeb-9cce721d2c65}"
"12:26:39,2684569","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 393.216, Length: 4.096"
"12:26:39,2688217","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 49, Name: {1a396961-5f3c-4c71-8310-44c653c0bf8a}"
"12:26:39,2694231","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 50, Name: {1a3c3605-aa85-4b19-aa24-bb74bc365059}"
"12:26:39,2700990","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 397.312, Length: 4.096"
"12:26:39,2703472","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 51, Name: {1a772f65-be1e-4fc6-96bb-248e03fa60f5}"
"12:26:39,2709522","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 52, Name: {1a9443d4-b099-44d6-8eb1-829b9c2fe290}"
"12:26:39,2715526","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 53, Name: {1b562e86-b7aa-4131-badc-b6f3a001407e}"
"12:26:39,2720261","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 401.408, Length: 4.096"
"12:26:39,2723368","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 54, Name: {1b8b402d-78dc-46fb-bf71-46e64aedf165}"
"12:26:39,2731975","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,2734620","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 55, Name: {1be1a88d-8e34-4170-9123-f503375bbcef}"
"12:26:39,2737097","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 405.504, Length: 4.096"
"12:26:39,2742224","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 56, Name: {1c95126e-7eea-49a9-a3fe-a378b03ddb4d}"
"12:26:39,2745630","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:39,2748629","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 57, Name: {1d75856d-36a7-4ecb-a3f5-b13152222d29}"
"12:26:39,2752044","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:39,2753971","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 409.600, Length: 4.096"
"12:26:39,2756560","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 58, Name: {1db28f2e-8f80-4027-8c5a-a11f7f10f62d}"
"12:26:39,2761169","DllHost.exe","6736","ReadFile","C:\Windows\System32\dllhost.exe","SUCCESS","Offset: 7.680, Length: 512, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:39,2764975","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 59, Name: {1edeee53-0afe-4609-b846-d8c0b2075b1f}"
"12:26:39,2767910","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:39,2769631","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 413.696, Length: 4.096"
"12:26:39,2771796","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 60, Name: {1f678132-5938-4686-9fdc-c8ff68f15c85}"
"12:26:39,2775644","DllHost.exe","6736","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:26:39,2776712","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:39,2778219","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 61, Name: {1f84007d-19ce-4b15-9e81-8a3dd8eb9ecb}"
"12:26:39,2782744","svchost.exe","512","RegOpenKey","HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\RepositoryRestoreInProgress","NAME NOT FOUND","Desired Access: Read"
"12:26:39,2784251","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 62, Name: {206f6dea-d3c5-4d10-bc72-989f03c8b84b}"
"12:26:39,2785655","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 417.792, Length: 4.096"
"12:26:39,2791183","DllHost.exe","6736","Thread Exit","","SUCCESS","Thread ID: 8576, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:26:39,2791972","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:39,2799473","DllHost.exe","6736","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 417.280, Length: 5.120, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:39,2801717","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 421.888, Length: 4.096"
"12:26:39,2802804","DllHost.exe","6736","Thread Exit","","SUCCESS","Thread ID: 5660, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:26:39,2803625","DllHost.exe","6736","Thread Exit","","SUCCESS","Thread ID: 8500, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:26:39,2803723","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 63, Name: {21b7c16e-c5af-4a69-a74a-7245481c1b97}"
"12:26:39,2809008","DllHost.exe","6736","Thread Exit","","SUCCESS","Thread ID: 9168, User Time: 0.0000000, Kernel Time: 0.0312002"
"12:26:39,2815754","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 64, Name: {22b6d684-fa63-4578-87c9-effcbe6643c7}"
"12:26:39,2822178","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 65, Name: {22fb2cd6-0e7b-422b-a0c7-2fad1fd0e716}"
"12:26:39,2822635","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,2823946","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 425.984, Length: 4.096"
"12:26:39,2826992","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 66, Name: {239cfb83-cbb7-4bbc-a02e-9bdb496aa7c2}"
"12:26:39,2829688","DllHost.exe","6736","Thread Exit","","SUCCESS","Thread ID: 8696, User Time: 0.2340015, Kernel Time: 0.4836031"
"12:26:39,2833397","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 67, Name: {271c5228-c3fe-4e47-831f-48c3652ce5ac}"
"12:26:39,2835072","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:39,2838225","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 68, Name: {272a979b-34b5-48ec-94f5-7225a59c85a0}"
"12:26:39,2840320","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:39,2844425","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 430.080, Length: 4.096"
"12:26:39,2851128","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 69, Name: {27a8c1e2-eb19-463e-8424-b399df27a216}"
"12:26:39,2860458","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 434.176, Length: 4.096"
"12:26:39,2861177","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 70, Name: {28aa95bb-d444-4719-a36f-40462168127e}"
"12:26:39,2870418","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 71, Name: {2992e9cf-4f99-48f5-a0b6-b99b11cd387d}"
"12:26:39,2876455","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 72, Name: {29d13147-1c2e-48ec-9994-e29dfe496eb3}"
"12:26:39,2878507","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 438.272, Length: 4.096"
"12:26:39,2882869","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 73, Name: {2a274310-42d5-4019-b816-e4b8c7abe95c}"
"12:26:39,2888859","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 74, Name: {2d318b91-e6e7-4c46-bd04-bfe6db412cf9}"
"12:26:39,2894490","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 75, Name: {2e35aaeb-857f-4beb-a418-2e6c0e54d988}"
"12:26:39,2895773","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 442.368, Length: 4.096"
"12:26:39,2900111","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 76, Name: {2ed6006e-4729-4609-b423-3ee7bcd678ef}"
"12:26:39,2905317","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 77, Name: {2f07e2ee-15db-40f1-90ef-9d7ba282188a}"
"12:26:39,2908102","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,2909007","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2910561","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 78, Name: {2fd7a9a5-b1a1-4fc7-b95c-c32fed818f30}"
"12:26:39,2913028","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 446.464, Length: 4.096"
"12:26:39,2915762","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 79, Name: {2ff3e6b7-cb90-4700-9621-443f389734ed}"
"12:26:39,2916215","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2920600","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 80, Name: {30336ed4-e327-447c-9de0-51b652c86108}"
"12:26:39,2921038","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:39,2926165","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:39,2926641","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 81, Name: {314b2b0d-81ee-4474-b6e0-c2aaec0ddbde}"
"12:26:39,2927037","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975891, endtime: 975891, seqnum: 0, connid: 0"
"12:26:39,2932579","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 450.560, Length: 4.096"
"12:26:39,2933377","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:39,2935593","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 82, Name: {314de49f-ce63-4779-ba2b-d616f6963a88}"
"12:26:39,2972073","taskhost.exe","2568","ReadFile","C:\Windows\System32\winmm.dll","SUCCESS","Offset: 190.976, Length: 9.216, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:39,2975269","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 454.656, Length: 4.096"
"12:26:39,2978105","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 83, Name: {319122a9-1485-4e48-af35-7db2d93b8ad2}"
"12:26:39,2979612","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2985625","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2986535","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 84, Name: {31f60101-3703-48ea-8143-451f8de779d2}"
"12:26:39,2989651","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2994041","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:39,2994549","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 458.752, Length: 4.096"
"12:26:39,2998053","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:39,2998598","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 85, Name: {3239eb6f-c7fc-4953-aa15-646829a4ca4c}"
"12:26:39,3003277","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 6748, startime: 975891, endtime: 975891, seqnum: 0, connid: 0"
"12:26:39,3005419","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 86, Name: {331c3b3a-2005-44c2-ac5e-77220c37d6b4}"
"12:26:39,3011814","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 87, Name: {33693e1d-246a-471b-83be-3e75f47a832d}"
"12:26:39,3012178","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 462.848, Length: 4.096"
"12:26:39,3017842","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 88, Name: {355c44fe-0c8e-4bf8-be28-8bc7b5a42720}"
"12:26:39,3018224","taskhost.exe","2568","ReadFile","C:\Windows\System32\winmm.dll","SUCCESS","Offset: 175.104, Length: 4.608, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:39,3024242","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 89, Name: {35ac6ce8-6104-411d-976c-877f183d2d32}"
"12:26:39,3030666","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 90, Name: {3663a992-84be-40ea-bba9-90c7ed544222}"
"12:26:39,3032084","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,3033460","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 466.944, Length: 4.096"
"12:26:39,3035391","taskhost.exe","2568","ReadFile","C:\Windows\System32\PlaySndSrv.dll","SUCCESS","Offset: 26.624, Length: 1.536, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:39,3036301","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 91, Name: {36c23e18-0e66-11d9-bbeb-505054503030}"
"12:26:39,3043532","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 92, Name: {37945dc2-899b-44d1-b79c-dd4a9e57ff98}"
"12:26:39,3046130","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:39,3050319","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 93, Name: {3aa52b8b-6357-4c18-a92e-b53fb177853b}"
"12:26:39,3053953","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:39,3056762","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 94, Name: {3c6c422b-019b-4f48-b67b-f79a3fa8b4ed}"
"12:26:39,3061366","taskhost.exe","2568","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:39,3063190","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 95, Name: {3cb2a168-fe19-4a4e-bdad-dcf422f13473}"
"12:26:39,3065826","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 471.040, Length: 4.096"
"12:26:39,3067085","DllHost.exe","6736","QueryNameInformationFile","C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL","SUCCESS","Name: \PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL"
"12:26:39,3069213","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 96, Name: {3cb40aaa-1145-4fb8-b27b-7e30f0454316}"
"12:26:39,3073780","taskhost.exe","2568","RegOpenKey","HKCU\AppEvents\Schemes\","SUCCESS","Desired Access: Query Value"
"12:26:39,3075613","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 97, Name: {3cc2d4af-da5e-4ed4-bcbe-3cf995940483}"
"12:26:39,3077512","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\user32.dll","SUCCESS","Name: \Windows\System32\user32.dll"
"12:26:39,3082415","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 98, Name: {3df0c2c1-5a04-4966-9790-df6ef0ccde9c}"
"12:26:39,3085517","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\kernel32.dll","SUCCESS","Name: \Windows\System32\kernel32.dll"
"12:26:39,3085657","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 475.136, Length: 4.096"
"12:26:39,3085843","taskhost.exe","2568","RegQueryValue","HKCU\AppEvents\Schemes\(Default)","SUCCESS","Type: REG_SZ, Length: 18, Data: .Default"
"12:26:39,3089165","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 99, Name: {3f7b2f99-b863-4045-ad05-f6afb62e7af1}"
"12:26:39,3093564","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\ntdll.dll","SUCCESS","Name: \Windows\System32\ntdll.dll"
"12:26:39,3097063","taskhost.exe","2568","RegCloseKey","HKCU\AppEvents\Schemes","SUCCESS",""
"12:26:39,3099185","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 100, Name: {3f9e07bd-0e26-4241-a5a5-28cafa150a75}"
"12:26:39,3101998","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\psapi.dll","SUCCESS","Name: \Windows\System32\psapi.dll"
"12:26:39,3103048","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 479.232, Length: 4.096"
"12:26:39,3106411","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 101, Name: {40ab57c2-1c53-4df9-9324-ff7cf898a02c}"
"12:26:39,3110321","taskhost.exe","2568","RegOpenKey","HKCU","SUCCESS","Desired Access: Query Value"
"12:26:39,3115746","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\dllhost.exe","SUCCESS","Name: \Windows\System32\dllhost.exe"
"12:26:39,3116842","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 102, Name: {40ae003c-6f3d-4590-ae1c-0e8be526b50f}"
"12:26:39,3121927","taskhost.exe","2568","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:39,3124437","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 103, Name: {4214dcd2-7c33-4f74-9898-719ccceec20f}"
"12:26:39,3129260","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 483.328, Length: 4.096"
"12:26:39,3129358","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\uxtheme.dll","SUCCESS","Name: \Windows\System32\uxtheme.dll"
"12:26:39,3130861","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 104, Name: {422088e6-cd0c-4f99-bd0b-6985fa290bdf}"
"12:26:39,3131560","taskhost.exe","2568","RegOpenKey","HKCU\AppEvents\Schemes\Apps\.Default\Close\.Current","SUCCESS","Desired Access: Query Value"
"12:26:39,3134373","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,3138101","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 105, Name: {43d1a55c-76d6-4f7e-995c-64c711e5cafe}"
"12:26:39,3142220","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\propsys.dll","SUCCESS","Name: \Windows\System32\propsys.dll"
"12:26:39,3144412","taskhost.exe","2568","RegQueryValue","HKCU\AppEvents\Schemes\Apps\.Default\Close\.Current\(Default)","SUCCESS","Type: REG_SZ, Length: 0"
"12:26:39,3145303","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 106, Name: {43e63da5-41d1-4fbf-aded-1bbed98fdd1d}"
"12:26:39,3146936","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 487.424, Length: 4.096"
"12:26:39,3152529","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 107, Name: {46098845-8a94-442d-9095-366a6bcfefa9}"
"12:26:39,3152921","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:39,3153621","taskhost.exe","2568","RegCloseKey","HKCU\AppEvents\Schemes\Apps\.Default\Close\.Current","SUCCESS",""
"12:26:39,3159765","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 108, Name: {49c2c27c-fe2d-40bf-8c4e-c3fb518037e7}"
"12:26:39,3160577","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:39,3161066","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\rsaenh.dll","SUCCESS","Name: \Windows\System32\rsaenh.dll"
"12:26:39,3161258","taskhost.exe","2568","RegCloseKey","HKCU","SUCCESS",""
"12:26:39,3165288","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 491.520, Length: 4.096"
"12:26:39,3166963","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 109, Name: {4a933674-fb3d-4e8d-b01d-17ee14e91a3e}"
"12:26:39,3167681","taskhost.exe","2568","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:39,3170308","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\cryptsp.dll","SUCCESS","Name: \Windows\System32\cryptsp.dll"
"12:26:39,3172990","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 110, Name: {4b7eac67-fc53-448c-a49d-7cc6db524da7}"
"12:26:39,3174898","taskhost.exe","2568","RegOpenKey","HKCU\AppEvents\Schemes\Apps\.Default\Close\.Current","SUCCESS","Desired Access: Query Value"
"12:26:39,3179423","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 111, Name: {4ba32972-6fc5-488a-8368-5da620d05127}"
"12:26:39,3179922","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\cryptbase.dll","SUCCESS","Name: \Windows\System32\cryptbase.dll"
"12:26:39,3180538","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 495.616, Length: 4.096"
"12:26:39,3182913","taskhost.exe","2568","RegQueryValue","HKCU\AppEvents\Schemes\Apps\.Default\Close\.Current\Default Flags","NAME NOT FOUND","Length: 144"
"12:26:39,3186220","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 112, Name: {4cb314df-c11f-47d7-9c04-65fb0051561b}"
"12:26:39,3188930","taskhost.exe","2568","RegCloseKey","HKCU\AppEvents\Schemes\Apps\.Default\Close\.Current","SUCCESS",""
"12:26:39,3189150","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\RpcRtRemote.dll","SUCCESS","Name: \Windows\System32\RpcRtRemote.dll"
"12:26:39,3192639","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 113, Name: {4cec9c95-a65f-4591-b5c4-30100e51d870}"
"12:26:39,3196604","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 499.712, Length: 4.096"
"12:26:39,3197976","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Name: \Windows\System32\KernelBase.dll"
"12:26:39,3198573","taskhost.exe","2568","RegOpenKey","HKCU","SUCCESS","Desired Access: Query Value"
"12:26:39,3199081","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 114, Name: {4edbe902-9ed3-4cf0-93e8-b8b5fa920299}"
"12:26:39,3206410","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\msctf.dll","SUCCESS","Name: \Windows\System32\msctf.dll"
"12:26:39,3207082","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 115, Name: {4ee76bd8-3cf4-44a0-a0ac-3937643e37a3}"
"12:26:39,3207408","taskhost.exe","2568","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:39,3211453","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 503.808, Length: 4.096"
"12:26:39,3213534","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 116, Name: {4ef850d8-bf30-4e64-a917-ee21b9be1f0a}"
"12:26:39,3215222","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","Name: \Windows\System32\imm32.dll"
"12:26:39,3215437","taskhost.exe","2568","RegOpenKey","HKCU\AppEvents\Schemes\Apps\.Default\Close\.Current\Active","NAME NOT FOUND","Desired Access: Query Value"
"12:26:39,3220349","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 117, Name: {4f768be8-9c69-4bbc-87fc-95291d3f9d0c}"
"12:26:39,3223055","taskhost.exe","2568","RegCloseKey","HKCU","SUCCESS",""
"12:26:39,3225896","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 507.904, Length: 4.096"
"12:26:39,3227258","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\rpcrt4.dll","SUCCESS","Name: \Windows\System32\rpcrt4.dll"
"12:26:39,3228658","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 118, Name: {4fba1227-f606-4e5f-b9e8-fab9ab5740f3}"
"12:26:39,3235977","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,3236271","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 119, Name: {4fcbf664-a33a-4652-b436-9d558983d955}"
"12:26:39,3239504","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\msvcrt.dll","SUCCESS","Name: \Windows\System32\msvcrt.dll"
"12:26:39,3243935","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 512.000, Length: 4.096"
"12:26:39,3245913","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 120, Name: {50b3e73c-9370-461d-bb9f-26f32d68887d}"
"12:26:39,3253139","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 121, Name: {50bd1bfd-936b-4db3-86be-e25b96c25898}"
"12:26:39,3253942","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\lpk.dll","SUCCESS","Name: \Windows\System32\lpk.dll"
"12:26:39,3254548","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:39,3259134","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 122, Name: {51480c1a-90aa-416e-98fd-4c11f735349b}"
"12:26:39,3260366","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 516.096, Length: 4.096"
"12:26:39,3262152","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:39,3264359","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\advapi32.dll","SUCCESS","Name: \Windows\System32\advapi32.dll"
"12:26:39,3265175","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 123, Name: {51aedb05-890b-4ade-8ba1-0ba14b8e8973}"
"12:26:39,3271590","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 124, Name: {5322d61a-9efa-4bc3-a3f9-14be95c144f8}"
"12:26:39,3273978","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\oleaut32.dll","SUCCESS","Name: \Windows\System32\oleaut32.dll"
"12:26:39,3277188","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 125, Name: {538cbbad-4877-4eb2-b26e-7caee8f0f8cb}"
"12:26:39,3281311","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 520.192, Length: 4.096"
"12:26:39,3282422","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\gdi32.dll","SUCCESS","Name: \Windows\System32\gdi32.dll"
"12:26:39,3289237","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 126, Name: {54164045-7c50-4905-963f-e5bc1eef0cca}"
"12:26:39,3290054","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\clbcatq.dll","SUCCESS","Name: \Windows\System32\clbcatq.dll"
"12:26:39,3296459","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 127, Name: {5444519f-2484-45a2-991e-953e4b54c8e0}"
"12:26:39,3297280","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\usp10.dll","SUCCESS","Name: \Windows\System32\usp10.dll"
"12:26:39,3298978","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 524.288, Length: 4.096"
"12:26:39,3303288","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 128, Name: {546549be-9d63-46aa-9154-4f6eb9526378}"
"12:26:39,3304879","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","Name: \Windows\System32\sechost.dll"
"12:26:39,3309717","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 129, Name: {54732ee5-61ca-4727-9da1-10be5a4f773d}"
"12:26:39,3312110","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","Name: \Windows\System32\ole32.dll"
"12:26:39,3315315","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 130, Name: {54849625-5478-4994-a5ba-3e3b0328c30d}"
"12:26:39,3318216","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 528.384, Length: 4.096"
"12:26:39,3319723","DllHost.exe","6736","QueryNameInformationFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Name: \Windows\System32\apisetschema.dll"
"12:26:39,3321337","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 131, Name: {54d5ac20-e14f-4fda-92da-ebf7556ff176}"
"12:26:39,3326567","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 132, Name: {54ffd262-99fe-4576-96e7-1adb500370dc}"
"12:26:39,3331773","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 133, Name: {555908d1-a6d7-4695-8e1e-26931d2012f4}"
"12:26:39,3333191","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,3335883","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 532.480, Length: 4.096"
"12:26:39,3336965","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 134, Name: {57277741-3638-4a4b-bdba-0ac6e45da56c}"
"12:26:39,3343799","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 135, Name: {57e0b31d-de8c-4181-bcd1-f70e880b49fc}"
"12:26:39,3349033","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 136, Name: {5857d6ca-9732-4454-809b-2a87b70881f8}"
"12:26:39,3354426","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:39,3354631","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 137, Name: {588c5c5a-ffc5-44a2-9a7f-d5e8dbe6efd7}"
"12:26:39,3358340","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 536.576, Length: 4.096"
"12:26:39,3360234","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 138, Name: {588cd2e4-a5b0-492d-a59b-f6dd3e7681c6}"
"12:26:39,3369597","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 139, Name: {5a24fcdb-1cf3-477b-b422-ef4909d51223}"
"12:26:39,3370674","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:39,3375983","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 140, Name: {5b004607-1087-4f16-b10e-979685a8d131}"
"12:26:39,3377089","DllHost.exe","6736","Process Exit","","SUCCESS","Exit Status: 0, User Time: 0.2652017 seconds, Kernel Time: 0.6552042 seconds, Private Bytes: 3.092.480, Peak Private Bytes: 3.788.800, Working Set: 7.008.256, Peak Working Set: 7.872.512"
"12:26:39,3378320","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 540.672, Length: 4.096"
"12:26:39,3381600","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 141, Name: {5b0a651a-8807-45cc-9656-7579815b6af0}"
"12:26:39,3381917","DllHost.exe","6736","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Image File Execution Options","SUCCESS",""
"12:26:39,3387622","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 142, Name: {5b93cdfa-5f51-45e0-9fde-296983129e6c}"
"12:26:39,3393257","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 143, Name: {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}"
"12:26:39,3395142","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,3396378","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 544.768, Length: 4.096"
"12:26:39,3399257","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 144, Name: {5c8bb950-959e-4309-8908-67961a1205d5}"
"12:26:39,3404873","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 145, Name: {5c9be3e0-3593-4dcd-8f6d-63840923ffee}"
"12:26:39,3410107","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 146, Name: {5d674230-ca9f-11da-a94d-0800200c9a66}"
"12:26:39,3411605","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 548.864, Length: 4.096"
"12:26:39,3416107","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 147, Name: {5d896912-022d-40aa-a3a8-4fa5515c76d7}"
"12:26:39,3416797","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,3421728","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 148, Name: {5d9e0020-3761-4f36-90c8-38ce6511bd12}"
"12:26:39,3424438","DllHost.exe","6736","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:39,3426454","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 552.960, Length: 4.096"
"12:26:39,3426962","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 149, Name: {5e425eda-7bcc-4f89-bde7-11e00861ca43}"
"12:26:39,3434599","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 150, Name: {5ec13d8e-4b3f-422e-a7e7-3121a1d90c7a}"
"12:26:39,3435284","DllHost.exe","6736","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS",""
"12:26:39,3440108","DllHost.exe","6736","RegCloseKey","HKLM\System\CurrentControlSet\Control\SESSION MANAGER","SUCCESS",""
"12:26:39,3440616","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 151, Name: {5f92bc59-248f-4111-86a9-e393e12c6139}"
"12:26:39,3442482","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 557.056, Length: 4.096"
"12:26:39,3443681","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,3446998","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 152, Name: {606a6a38-70ec-4309-b3a3-82ff86f73329}"
"12:26:39,3448519","DllHost.exe","6736","RegCloseKey","HKLM","SUCCESS",""
"12:26:39,3452638","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 153, Name: {614696c9-85af-4e64-b389-d2c0db4ff87b}"
"12:26:39,3458670","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 154, Name: {617853d6-728b-4b59-8a78-c3a9a5eade92}"
"12:26:39,3459356","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 561.152, Length: 4.096"
"12:26:39,3462528","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:39,3465868","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 155, Name: {61f044af-9104-4ca5-81ee-cb6c51bb01ab}"
"12:26:39,3469372","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,3471881","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 156, Name: {63b530f8-29c9-4880-a5b4-b8179096e7b8}"
"12:26:39,3477106","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 157, Name: {63d1e632-95cc-4443-9312-af927761d52a}"
"12:26:39,3481533","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 158, Name: {63d2bb1d-e39a-41b8-9a3d-52dd06677588}"
"12:26:39,3482886","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 565.248, Length: 4.096"
"12:26:39,3485942","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 159, Name: {651df93b-5053-4d1e-94c5-f6e6d25908d0}"
"12:26:39,3490728","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 160, Name: {65d341f3-baaa-4c6e-8b20-23d4f1574004}"
"12:26:39,3495150","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 161, Name: {65d99466-7a8e-489c-b8e1-962bc945031e}"
"12:26:39,3499181","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 162, Name: {6600e712-c3b6-44a2-8a48-935c511f28c8}"
"12:26:39,3502554","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 569.344, Length: 4.096"
"12:26:39,3503594","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 163, Name: {66a5c15c-4f8e-4044-bf6e-71d896038977}"
"12:26:39,3516320","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,3517570","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 164, Name: {676f167f-f72c-446e-a498-eda43319a5e3}"
"12:26:39,3521400","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 573.440, Length: 4.096"
"12:26:39,3524381","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 165, Name: {67bd1fef-afb2-458d-bcde-3758beb84dec}"
"12:26:39,3530404","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 166, Name: {67fe2216-727a-40cb-94b2-c02211edb34a}"
"12:26:39,3532354","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:26:39,3535647","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 167, Name: {6863e644-dd5d-43a2-a8b5-7a81b46672e6}"
"12:26:39,3538679","DllHost.exe","6736","CloseFile","C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9","SUCCESS",""
"12:26:39,3540396","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:26:39,3541385","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 577.536, Length: 4.096"
"12:26:39,3545476","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 168, Name: {699e309c-e782-4400-98c8-e21d162d7b7b}"
"12:26:39,3555100","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 169, Name: {6a1f2b00-6a90-4c38-95a5-5cab3b056778}"
"12:26:39,3560437","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:26:39,3561151","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 170, Name: {6a2dc7c1-930a-4fb5-bb44-80b30aebed6c}"
"12:26:39,3562219","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 581.632, Length: 4.096"
"12:26:39,3566763","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 171, Name: {6a502821-ab44-40c8-b32f-37315d9d52e0}"
"12:26:39,3575566","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 172, Name: {6ad52b32-d609-4be9-ae07-ce8dae937e39}"
"12:26:39,3576480","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:26:39,3580674","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 585.728, Length: 4.096"
"12:26:39,3581597","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 173, Name: {6addabf4-8c54-4eab-bf4f-fbef61b62eb0}"
"12:26:39,3587209","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 174, Name: {6b1ffe48-5b1e-4793-9f7f-ae926454499d}"
"12:26:39,3588917","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:26:39,3593806","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 175, Name: {6b4db0bc-9a3d-467d-81b9-a84c6f2f3d40}"
"12:26:39,3596325","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 589.824, Length: 4.096"
"12:26:39,3601666","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:39,3603028","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 176, Name: {6b93bf66-a922-4c11-a617-cf60d95c133d}"
"12:26:39,3609074","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 177, Name: {6ba132c4-da49-415b-a7f4-31870dc9fe25}"
"12:26:39,3612396","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 593.920, Length: 4.096"
"12:26:39,3615078","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 178, Name: {6bba3851-2c7e-4dea-8f54-31e5afd029e3}"
"12:26:39,3620704","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 179, Name: {6c260f2c-049a-43d8-bf4d-d350a4e6611a}"
"12:26:39,3626932","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,3628019","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 598.016, Length: 4.096"
"12:26:39,3628308","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 180, Name: {6d8a3a60-40af-445a-98ca-99359e500146}"
"12:26:39,3634345","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 181, Name: {6e400999-5b82-475f-b800-cef6fe361539}"
"12:26:39,3641543","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 182, Name: {6eb8db94-fe96-443f-a366-5fe0cee7fb1c}"
"12:26:39,3643684","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 602.112, Length: 4.096"
"12:26:39,3647169","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:39,3648396","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 183, Name: {6ece3302-fee1-4ea9-8b88-086d459ed976}"
"12:26:39,3658915","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 606.208, Length: 4.096"
"12:26:39,3659214","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 184, Name: {70eb4f03-c1de-4f73-a051-33d13d5413bd}"
"12:26:39,3660823","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:39,3666053","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 185, Name: {712abb2d-d806-4b42-9682-26da01d8b307}"
"12:26:39,3673246","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 186, Name: {719be4ed-e9bc-4dd8-a7cf-c85ce8e4975d}"
"12:26:39,3674571","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 610.304, Length: 4.096"
"12:26:39,3679269","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 187, Name: {7237fff9-a08a-4804-9c79-4a8704b70b87}"
"12:26:39,3684885","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 188, Name: {7288c9f8-d63c-4932-a345-89d6b060174d}"
"12:26:39,3689028","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 614.400, Length: 4.096"
"12:26:39,3690894","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 189, Name: {728b8c72-0f0f-4071-9bcc-27cb3b6dacbe}"
"12:26:39,3696520","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 190, Name: {72d211e1-4c54-4a93-9520-4901681b2271}"
"12:26:39,3702150","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 191, Name: {73370bd6-85e5-430b-b60a-fea1285808a7}"
"12:26:39,3703461","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 618.496, Length: 4.096"
"12:26:39,3707781","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 192, Name: {73e9c9de-a148-41f7-b1db-4da051fdc327}"
"12:26:39,3713799","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 193, Name: {741fc222-44ed-4ba7-98e3-f405b2d2c4b4}"
"12:26:39,3716178","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:39,3717885","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 622.592, Length: 4.096"
"12:26:39,3726072","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 194, Name: {7426a56b-e2d5-4b30-bdef-b31815c1a74a}"
"12:26:39,3731946","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 626.688, Length: 4.096"
"12:26:39,3732897","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 195, Name: {747ef6fd-e535-4d16-b510-42c90f6873a1}"
"12:26:39,3738113","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 196, Name: {74b4a4b1-2302-4768-ac5b-9773dd456b08}"
"12:26:39,3747331","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 197, Name: {74b655a2-8958-410e-80e2-3457051b8dff}"
"12:26:39,3749197","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 630.784, Length: 4.096"
"12:26:39,3753363","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 198, Name: {74c2135f-cc76-45c3-879a-ef3bb1eeaf86}"
"12:26:39,3758163","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 199, Name: {75ebc33e-0870-49e5-bdce-9d7028279489}"
"12:26:39,3760719","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:39,3762571","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 200, Name: {75ebc33e-0936-4a55-9d26-5f298f3180bf}"
"12:26:39,3766028","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 634.880, Length: 4.096"
"12:26:39,3767008","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 201, Name: {75ebc33e-0cc6-49da-8cd9-8903a5222aa0}"
"12:26:39,3772223","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 202, Name: {75ebc33e-77b8-4ba8-9474-4f4a9db2f5c6}"
"12:26:39,3776636","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 203, Name: {75ebc33e-8670-4eb6-b535-3b9d6bb222fd}"
"12:26:39,3780882","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 638.976, Length: 4.096"
"12:26:39,3782650","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 204, Name: {75ebc33e-997f-49cf-b49f-ecc50184b75d}"
"12:26:39,3787067","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 205, Name: {75ebc33e-c8ae-4f93-9ca1-683a53e20cb6}"
"12:26:39,3791466","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 206, Name: {75ebc33e-d017-4d0f-93ab-0b4f86579164}"
"12:26:39,3794517","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 643.072, Length: 4.096"
"12:26:39,3795880","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 207, Name: {75f48521-4131-4ac3-9887-65473224fcb2}"
"12:26:39,3799910","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 208, Name: {777ba8fe-2498-4875-933a-3067de883070}"
"12:26:39,3804314","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 209, Name: {78168022-eca5-41e8-9e17-e8c7fd77aae1}"
"12:26:39,3807780","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 647.168, Length: 4.096"
"12:26:39,3808732","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 210, Name: {7839bb2a-2ea3-4eca-a00f-b558ba678bec}"
"12:26:39,3813537","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 211, Name: {7a67066e-193f-4d3a-82d3-322fee5259de}"
"12:26:39,3817954","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 212, Name: {7b563579-53c8-44e7-8236-0f87b9fe6594}"
"12:26:39,3822199","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 651.264, Length: 4.096"
"12:26:39,3822372","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 213, Name: {7b6bc78c-898b-4170-bbf8-1a469ea43fc5}"
"12:26:39,3827984","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 214, Name: {7b7838a3-6562-4269-bb7a-97b0d9593882}"
"12:26:39,3832402","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 215, Name: {7bb5af18-cb16-4007-b813-9d88e9d6f8ef}"
"12:26:39,3836246","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 655.360, Length: 4.096"
"12:26:39,3836815","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 216, Name: {7bfcf102-7378-431c-9284-0b968258991a}"
"12:26:39,3846551","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 217, Name: {7c314e58-8246-47d1-8f7a-4049dc543e0b}"
"12:26:39,3848972","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,3854570","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 218, Name: {7d29d58a-931a-40ac-8743-48c733045548}"
"12:26:39,3862197","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 219, Name: {7d44233d-3055-4b9c-ba64-0d47ca40a232}"
"12:26:39,3865122","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 659.456, Length: 4.096"
"12:26:39,3866340","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:39,3869013","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 220, Name: {7d5387b0-cbe0-11da-a94d-0800200c9a66}"
"12:26:39,3873151","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:39,3875852","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 221, Name: {7d7b0c39-93f6-4100-bd96-4dda859652c5}"
"12:26:39,3882257","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 222, Name: {7da4fe0e-fd42-4708-9aa5-89b77a224885}"
"12:26:39,3882788","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 663.552, Length: 4.096"
"12:26:39,3888293","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 223, Name: {7dd42a49-5329-4832-8dfd-43d979153a88}"
"12:26:39,3893924","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 224, Name: {7de899b6-de3f-4892-bf66-0a8739ba939b}"
"12:26:39,3895608","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,3899624","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 667.648, Length: 4.096"
"12:26:39,3900324","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 225, Name: {7e7d3382-023c-43cb-95d2-6f0ca6d70381}"
"12:26:39,3906333","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 226, Name: {7eafcf79-06a7-460b-8a55-bd0a0c9248aa}"
"12:26:39,3910890","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:39,3912752","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 227, Name: {7f2bd991-ae93-454a-b219-0bc23f02262a}"
"12:26:39,3917566","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 228, Name: {7f8e35ca-68e8-41b9-86fe-d6adc5b327e7}"
"12:26:39,3922002","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 229, Name: {7f912b92-21ad-496e-b97a-88622a72bc42}"
"12:26:39,3922497","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,3923714","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 671.744, Length: 4.096"
"12:26:39,3926798","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 230, Name: {7f9d83de-8abb-457f-98e8-4ad161449ecc}"
"12:26:39,3931197","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 231, Name: {802ec45a-1e99-4b83-9920-87c98277ba9d}"
"12:26:39,3935242","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 232, Name: {8085cb91-900e-4d15-a7d1-921ddce641d8}"
"12:26:39,3940830","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 233, Name: {8115579e-2bea-4c9e-9ab1-821cc2c98ab0}"
"12:26:39,3946466","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 234, Name: {820a42d8-38c4-465d-b64e-d7d56ea1d612}"
"12:26:39,3951667","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 235, Name: {835b79e2-e76a-44c4-9885-26ad122d3b4d}"
"12:26:39,3952460","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 675.840, Length: 4.096"
"12:26:39,3956104","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 236, Name: {8360bd0f-a7dc-4391-91a7-a457c5c381e4}"
"12:26:39,3960503","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 237, Name: {83ed54f0-4d48-4e45-b16e-726ffd1fa4af}"
"12:26:39,3964916","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 238, Name: {84051b98-f508-4e54-82fa-8865c697c3b1}"
"12:26:39,3969464","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,3971307","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 679.936, Length: 4.096"
"12:26:39,3971741","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 239, Name: {8429e243-345b-47c1-8a91-2c94caf0daab}"
"12:26:39,3977735","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 240, Name: {8443ccb7-feb0-4b8d-8e28-8d4c7cb814e8}"
"12:26:39,3984168","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 241, Name: {85fe7609-ff4a-48e9-9d50-12918e43e1da}"
"12:26:39,3984709","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:39,3985773","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 684.032, Length: 4.096"
"12:26:39,3989799","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 242, Name: {86133982-63d7-4741-928e-ef1349b80219}"
"12:26:39,3994599","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 243, Name: {869fb599-80aa-485d-bca7-db18d72b7219}"
"12:26:39,3995527","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:39,3999427","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 244, Name: {86efff39-2bdd-4efd-bd0b-853d71b2a9dc}"
"12:26:39,4000612","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 688.128, Length: 4.096"
"12:26:39,4005044","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 245, Name: {87d476fe-1a0f-4370-b785-60b028019693}"
"12:26:39,4009457","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 246, Name: {88c9ad91-30ca-473f-917b-5e78fabd4c81}"
"12:26:39,4013870","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 247, Name: {8939299f-2315-4c5c-9b91-abb86aa0627d}"
"12:26:39,4018255","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 248, Name: {899daace-4868-4295-afcd-9eb8fb497561}"
"12:26:39,4021623","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 692.224, Length: 4.096"
"12:26:39,4022668","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 249, Name: {89a2278b-c662-4aff-a06c-46ad3f220bca}"
"12:26:39,4028304","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 250, Name: {89b1e9f0-5aff-44a6-9b44-0a07a7ce5845}"
"12:26:39,4032731","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 251, Name: {8a93b54b-c75a-49b5-a5be-9060715b1a33}"
"12:26:39,4037139","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 252, Name: {8c63b5a5-b484-4381-892d-edd424582df7}"
"12:26:39,4037638","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,4046371","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 253, Name: {8c9dd1ad-e6e5-4b07-b455-684a9d879900}"
"12:26:39,4046782","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 696.320, Length: 4.096"
"12:26:39,4055211","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 254, Name: {8ce93926-bdae-4409-9155-2fe4799ef4d3}"
"12:26:39,4058794","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:39,4061229","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 255, Name: {914ed502-b70d-4add-b758-95692854f8a3}"
"12:26:39,4067648","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 256, Name: {91f42016-0b4e-4a4b-9bbb-825d06cbed35}"
"12:26:39,4069668","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 700.416, Length: 4.096"
"12:26:39,4071236","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:39,4073237","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 257, Name: {91f5fb12-fdea-4095-85d5-614b495cd9de}"
"12:26:39,4078886","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 258, Name: {92ae46d7-6d9c-4727-9ed5-e49af9c24cbf}"
"12:26:39,4083696","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 259, Name: {9363ccd9-d429-4452-9adb-2501e704b810}"
"12:26:39,4088510","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 704.512, Length: 4.096"
"12:26:39,4089691","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 260, Name: {93c05d69-51a3-485e-877f-1806a8731346}"
"12:26:39,4095335","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 261, Name: {945a8954-c147-4acd-923f-40c45405a658}"
"12:26:39,4101330","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 262, Name: {9485fa1e-23cd-49a1-84e3-11d8bc550cb7}"
"12:26:39,4105775","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 708.608, Length: 4.096"
"12:26:39,4107362","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 263, Name: {952773bf-c2b7-49bc-88f4-920744b82c43}"
"12:26:39,4113356","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 264, Name: {95353826-4fbe-41d4-9c42-f521c6e86360}"
"12:26:39,4116967","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,4119374","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 265, Name: {9580d7dd-0379-4658-9870-d5be7d52d6de}"
"12:26:39,4121007","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 712.704, Length: 4.096"
"12:26:39,4125401","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 266, Name: {959f1fac-7ca8-4ed1-89dc-cdfa7e093cb0}"
"12:26:39,4130607","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:39,4131032","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 267, Name: {968f313b-097f-4e09-9cdd-bc62692d138b}"
"12:26:39,4136658","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 268, Name: {96ac7637-5950-4a30-b8f7-e07e8e5734c1}"
"12:26:39,4140268","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 716.800, Length: 4.096"
"12:26:39,4141043","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:39,4146692","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 269, Name: {96f4a050-7e31-453c-88be-9634f4e02139}"
"12:26:39,4154697","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 270, Name: {973143dd-f3c7-4ef5-b156-544ac38c39b6}"
"12:26:39,4160323","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 271, Name: {98583af0-fc93-4e71-96d5-9f8da716c6b8}"
"12:26:39,4161914","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 720.896, Length: 4.096"
"12:26:39,4165931","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 272, Name: {98bf1cd3-583e-4926-95ee-a61bf3f46470}"
"12:26:39,4171944","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 273, Name: {98e6cfcb-ee0a-41e0-a57b-622d4e1b30b1}"
"12:26:39,4177980","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 724.992, Length: 4.096"
"12:26:39,4179156","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 274, Name: {99806515-9f51-4c2f-b918-1eae407aa8cb}"
"12:26:39,4189186","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 275, Name: {9988748e-c2e8-4054-85f6-0c3e1cad2470}"
"12:26:39,4192031","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 729.088, Length: 4.096"
"12:26:39,4196421","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 276, Name: {9b307223-4e4d-4bf5-9be8-995cd8e7420b}"
"12:26:39,4203241","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 277, Name: {9b6123dc-9af6-4430-80d7-7d36f054fb9f}"
"12:26:39,4205653","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 733.184, Length: 4.096"
"12:26:39,4210038","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 278, Name: {9b7e4c0f-342c-4106-a19f-4f2704f689f0}"
"12:26:39,4213411","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,4214880","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 279, Name: {9b7e4c8f-342c-4106-a19f-4f2704f689f0}"
"12:26:39,4219289","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 737.280, Length: 4.096"
"12:26:39,4219685","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 280, Name: {9c205a39-1250-487d-abd7-e831c6290539}"
"12:26:39,4224481","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 281, Name: {9d55b53d-449b-4824-a637-24f9d69aa02f}"
"12:26:39,4228521","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 282, Name: {9db0fdb5-3b21-440e-a94b-63738a4be5de}"
"12:26:39,4232934","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 741.376, Length: 4.096"
"12:26:39,4233484","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:39,4233727","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 283, Name: {9e03f75a-bcbe-428a-8f3c-d46f2a444935}"
"12:26:39,4240305","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:39,4244158","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 284, Name: {9e3b3947-ca5d-4614-91a2-7b624e0e7244}"
"12:26:39,4248576","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 745.472, Length: 4.096"
"12:26:39,4250558","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 285, Name: {9e6ae157-d9f7-47e5-8c6d-b17bb6c82a27}"
"12:26:39,4255797","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 286, Name: {9e95e4d0-4cb4-4b5d-a936-c972d7d08d90}"
"12:26:39,4261801","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 287, Name: {9f0c4ea8-ec01-4200-a00d-b9701cbea5d8}"
"12:26:39,4263028","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 749.568, Length: 4.096"
"12:26:39,4266625","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 288, Name: {9f650c63-9409-453c-a652-83d7185a2e83}"
"12:26:39,4271042","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 289, Name: {a0c1853b-5c40-4b15-8766-3cf1c58f985a}"
"12:26:39,4275455","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 290, Name: {a0e3d8ea-c34f-4419-a1db-90435b8b21d0}"
"12:26:39,4277704","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 753.664, Length: 4.096"
"12:26:39,4280270","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 291, Name: {a319d300-015c-48be-acdb-47746e154751}"
"12:26:39,4285481","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 292, Name: {a3e1697b-a12c-46b9-84d1-7ffe73c4b678}"
"12:26:39,4290290","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 293, Name: {a3e99773-83d7-460b-b69d-1af477e37a63}"
"12:26:39,4294307","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 294, Name: {a402fe09-da6e-45f2-82af-3cb37170ee0c}"
"12:26:39,4296975","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 757.760, Length: 4.096"
"12:26:39,4298729","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 295, Name: {a50b09f8-93eb-4396-84c9-dc921259f952}"
"12:26:39,4303138","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 296, Name: {a615acb9-d5a4-4738-b561-1df301d207f8}"
"12:26:39,4307523","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 297, Name: {a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}"
"12:26:39,4310508","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,4311819","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 761.856, Length: 4.096"
"12:26:39,4311945","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 298, Name: {a6ad76e3-867a-4635-91b3-4904ba6374d7}"
"12:26:39,4316349","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 299, Name: {a6f32731-9a38-4159-a220-3d9b7fc5fe5d}"
"12:26:39,4320393","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 300, Name: {a7364e1a-894f-4b3d-a930-2ed9c8c4c811}"
"12:26:39,4322147","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:39,4324802","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 301, Name: {a7975c8f-ac13-49f1-87da-5a984a4ab417}"
"12:26:39,4326239","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 765.952, Length: 4.096"
"12:26:39,4326966","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:39,4329220","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 302, Name: {a8106e5c-293a-4cd0-9397-2e6fac7f9749}"
"12:26:39,4333619","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 303, Name: {a82fda5d-745f-409c-b0fe-18ae0678a0e0}"
"12:26:39,4338032","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 304, Name: {a83fa99f-c356-4ded-9fd6-5a5eb8546d68}"
"12:26:39,4341111","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 770.048, Length: 4.096"
"12:26:39,4346844","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 305, Name: {a8a1f2f6-a13a-45e9-b1fe-3419569e5ef2}"
"12:26:39,4353277","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 306, Name: {a97524f6-064c-4c4e-b74b-1acc87c3700d}"
"12:26:39,4360900","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 307, Name: {aabf8b86-7936-4fa2-acb0-63127f879dbf}"
"12:26:39,4361711","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 774.144, Length: 4.096"
"12:26:39,4367706","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 308, Name: {aaf44901-5c64-4014-8b6c-a80813937293}"
"12:26:39,4373761","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 309, Name: {ab0d8ef9-866d-4d39-b83f-453f3b8f6325}"
"12:26:39,4379742","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 778.240, Length: 4.096"
"12:26:39,4379774","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 310, Name: {abce23e7-de45-4366-8631-84fa6c525952}"
"12:26:39,4392855","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 311, Name: {ac43300d-5fcc-4800-8e99-1bd3f85f0320}"
"12:26:39,4395010","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 782.336, Length: 4.096"
"12:26:39,4399675","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 312, Name: {ad5162d8-daf0-4a25-88a7-01cbeb33902e}"
"12:26:39,4405679","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 313, Name: {ad8aa069-a01b-40a0-ba40-948d1d8dedc5}"
"12:26:39,4406374","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,4409453","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 786.432, Length: 4.096"
"12:26:39,4410908","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 314, Name: {ae4bd3be-f36f-45b6-8d21-bdd6fb832853}"
"12:26:39,4416128","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 315, Name: {ae5cf422-786a-476a-ac96-753b05877c99}"
"12:26:39,4419623","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:39,4420924","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 316, Name: {aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}"
"12:26:39,4423075","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 790.528, Length: 4.096"
"12:26:39,4425211","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:39,4425351","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 317, Name: {af0a5a6d-e009-46d4-8867-42f2240f8a72}"
"12:26:39,4430562","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 318, Name: {af2e340c-0743-4f5a-b2d3-2f7225d215de}"
"12:26:39,4434980","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 319, Name: {af9cc194-e9a8-42bd-b0d1-834e9cfab799}"
"12:26:39,4438726","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 794.624, Length: 4.096"
"12:26:39,4440191","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 320, Name: {b03d4051-3564-4e93-93db-3c34f1b5b503}"
"12:26:39,4451181","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 321, Name: {b059b83f-d946-4b13-87ca-4292839dc2f2}"
"12:26:39,4456789","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 798.720, Length: 4.096"
"12:26:39,4458006","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 322, Name: {b1bebb9a-24aa-4b83-9e4a-38c2a9a44377}"
"12:26:39,4462820","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 323, Name: {b1c94ed9-ac9b-410e-aa48-4ffc5e45f4e3}"
"12:26:39,4467621","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 324, Name: {b1f90b27-4551-49d6-b2bd-dfc6453762a6}"
"12:26:39,4471647","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 325, Name: {b2a40f1f-a05a-4dfd-886a-4c4f18c4334c}"
"12:26:39,4476442","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 326, Name: {b2fcd41f-9a40-4150-8c92-b224b7d8c8aa}"
"12:26:39,4479540","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 802.816, Length: 4.096"
"12:26:39,4481280","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 327, Name: {b3eee223-d0a9-40cd-adfc-50f1888138ab}"
"12:26:39,4486878","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 328, Name: {b44aec44-38f4-4b59-8df3-10306abf19b2}"
"12:26:39,4491687","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 329, Name: {b5fd844a-01d4-4b10-a57f-58b13b561582}"
"12:26:39,4496087","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 330, Name: {b65471e1-019d-436f-bc38-e15fa8e87f53}"
"12:26:39,4496385","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 806.912, Length: 4.096"
"12:26:39,4500532","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 331, Name: {b675ec37-bdb6-4648-bc92-f3fdc74d3ca2}"
"12:26:39,4504936","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 332, Name: {b92cf7fd-dc10-4c6b-a72d-1613bf25e597}"
"12:26:39,4508771","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,4509359","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 333, Name: {b977cf02-76f6-df84-cc1a-6a4b232322b6}"
"12:26:39,4510837","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 811.008, Length: 4.096"
"12:26:39,4513762","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 334, Name: {b98f0db6-26e2-4a66-89fc-32a9a6a9af61}"
"12:26:39,4517774","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 335, Name: {b9da9fe6-ae5f-4f3e-b2fa-8e623c11dc75}"
"12:26:39,4522192","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 336, Name: {ba093605-3909-4345-990b-26b746adee0a}"
"12:26:39,4522826","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:39,4525677","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 815.104, Length: 4.096"
"12:26:39,4526600","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 337, Name: {bbe94f36-f8dc-4c33-8227-81602b7a3d53}"
"12:26:39,4528056","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:39,4531018","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 338, Name: {bc2eeeec-b77a-4a52-b6a4-dffb1b1370cb}"
"12:26:39,4536635","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 339, Name: {bc97b970-d001-482f-8745-b8d7d5759f99}"
"12:26:39,4540101","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 819.200, Length: 4.096"
"12:26:39,4543450","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 340, Name: {bd12f3b8-fc40-4a61-a307-b7a013a069c1}"
"12:26:39,4550257","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:39,4550681","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 341, Name: {bd2d1dae-d678-4e10-9667-21cba2aa70c3}"
"12:26:39,4555369","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 823.296, Length: 4.096"
"12:26:39,4557893","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 342, Name: {bd2f4252-5e1e-49fc-9a30-f3978ad89ee2}"
"12:26:39,4560123","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:39,4563510","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 343, Name: {bdb462fc-a297-49a2-bf2e-4f1809e12abc}"
"12:26:39,4567354","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:39,4568725","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 344, Name: {be3a31ea-aa6c-4196-9dcc-9ca13a49e09f}"
"12:26:39,4569416","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 827.392, Length: 4.096"
"12:26:39,4573544","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 345, Name: {be69781c-b63b-41a1-8e24-a4fc7b3fc498}"
"12:26:39,4576199","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:39,4577953","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 346, Name: {be932b00-0f8e-4386-ab89-873f7d0274aa}"
"12:26:39,4582370","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 347, Name: {bf406804-6afa-46e7-8a48-6c357e1d6d61}"
"12:26:39,4583845","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 831.488, Length: 4.096"
"12:26:39,4587007","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:39,4587996","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 348, Name: {c02afc2b-e24e-4449-ad76-bcc2c2575ead}"
"12:26:39,4592405","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 349, Name: {c06ed57a-a7bd-42d7-b5ff-77a9dec5732d}"
"12:26:39,4596809","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 350, Name: {c100becc-d33a-4a4b-bf23-bbef4663d017}"
"12:26:39,4599085","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 835.584, Length: 4.096"
"12:26:39,4600247","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,4601614","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 351, Name: {c100becf-d33a-4a4b-bf23-bbef4663d017}"
"12:26:39,4606838","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 352, Name: {c26c4f3c-3f66-4e99-8f8a-39405cfed220}"
"12:26:39,4611657","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 353, Name: {c2fa0899-8a10-412b-a42e-9e5b284a2437}"
"12:26:39,4612716","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 839.680, Length: 4.096"
"12:26:39,4613099","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:39,4618072","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 354, Name: {c4636a1e-7986-4646-bf10-7bc3b4a76e8e}"
"12:26:39,4618333","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:39,4623674","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 355, Name: {c514638f-7723-485b-bcfc-96565d735d4a}"
"12:26:39,4626772","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 843.776, Length: 4.096"
"12:26:39,4628097","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 356, Name: {c651f5f6-1c0d-492e-8ae1-b4efd7c9d503}"
"12:26:39,4633709","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 357, Name: {c6bf6832-f7bd-4151-ac21-753ce4707453}"
"12:26:39,4638131","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 358, Name: {c76baa63-ae81-421c-b425-340b4b24157f}"
"12:26:39,4644424","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 847.872, Length: 4.096"
"12:26:39,4649211","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 359, Name: {c7bde69a-e1e0-4177-b6ef-283ad1525271}"
"12:26:39,4659278","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 851.968, Length: 4.096"
"12:26:39,4661265","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 360, Name: {c882ff1d-7585-4b33-b135-95c577179137}"
"12:26:39,4671271","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 361, Name: {c88a4ef5-d048-4013-9408-e04b7db2814a}"
"12:26:39,4672932","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 856.064, Length: 4.096"
"12:26:39,4678894","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 362, Name: {c89b991e-3b48-49b2-80d3-ac000dfc9749}"
"12:26:39,4683718","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,4685714","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 363, Name: {c8f7689f-3692-4d66-b0c0-9536d21082c9}"
"12:26:39,4686176","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 860.160, Length: 4.096"
"12:26:39,4695366","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:39,4697288","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 364, Name: {c914f0df-835a-4a22-8c70-732c9a80c634}"
"12:26:39,4701785","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:39,4704477","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 365, Name: {c91ef675-842f-4fcf-a5c9-6ea93f2e4f8b}"
"12:26:39,4708419","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 864.256, Length: 4.096"
"12:26:39,4709314","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 366, Name: {c9bdb4eb-9287-4c8e-8378-6896f0d1c5ef}"
"12:26:39,4714138","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 367, Name: {ca11c036-0102-4a2d-a6ad-f03cfed5d3c9}"
"12:26:39,4718934","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 368, Name: {ca4e628d-8567-4896-ab6b-835b221f373f}"
"12:26:39,4723356","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 369, Name: {ca5ba219-c0d4-4efa-9ceb-72aff92672b0}"
"12:26:39,4724471","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 868.352, Length: 4.096"
"12:26:39,4727755","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 370, Name: {cab2b8a5-49b9-4eec-b1b0-fac21da05a3b}"
"12:26:39,4732182","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 371, Name: {cad2d809-03d9-4f46-9cf4-72aa4f04b6b9}"
"12:26:39,4736586","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 372, Name: {cb070027-1534-4cf3-98ea-b9751f508376}"
"12:26:39,4738918","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 872.448, Length: 4.096"
"12:26:39,4747413","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 373, Name: {cb587ad1-cc35-4ef1-ad93-36cc82a2d319}"
"12:26:39,4753856","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 374, Name: {cbda4dbf-8d5d-4f69-9578-be14aa540d22}"
"12:26:39,4755750","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 876.544, Length: 4.096"
"12:26:39,4758675","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 375, Name: {cd032e15-15ad-4da4-afc6-03bf83516195}"
"12:26:39,4763078","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 376, Name: {cdc05e28-c449-49c6-b9d2-88cf761644df}"
"12:26:39,4767548","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,4768690","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 377, Name: {cdead503-17f5-4a3e-b7ae-df8cc2902eb9}"
"12:26:39,4771807","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 880.640, Length: 4.096"
"12:26:39,4773519","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 378, Name: {ce20d1c3-a247-4c41-bcb8-3c7f52c8b805}"
"12:26:39,4777913","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 379, Name: {ce8dee0b-d539-4000-b0f8-77bed049c590}"
"12:26:39,4780012","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:39,4782322","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 380, Name: {cf3f502e-b40d-4071-996f-00981edf938e}"
"12:26:39,4784831","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:39,4786725","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 381, Name: {cfaa5446-c6c4-4f5c-866f-31c9b55b962d}"
"12:26:39,4788666","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 884.736, Length: 4.096"
"12:26:39,4791162","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 382, Name: {cfc18ec0-96b1-4eba-961b-622caee05b0a}"
"12:26:39,4795566","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 383, Name: {d02a9c27-79b8-40d6-9b97-cf3f8b7b5d60}"
"12:26:39,4799596","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 384, Name: {d0e22efc-ac66-4b25-a72d-382736b5e940}"
"12:26:39,4804009","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 385, Name: {d1bc9aff-2abf-4d71-9146-ecb2a986eb85}"
"12:26:39,4805493","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 888.832, Length: 4.096"
"12:26:39,4816255","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 386, Name: {d1d93ef7-e1f2-4f45-9943-03d245fe6c00}"
"12:26:39,4823075","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 387, Name: {d4263c98-310c-4d97-ba39-b55354f08584}"
"12:26:39,4824381","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 892.928, Length: 4.096"
"12:26:39,4828295","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 388, Name: {d53270e3-c8cf-4707-958a-dad20c90073c}"
"12:26:39,4833105","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 389, Name: {d5c25f9a-4d47-493e-9184-40dd397a004d}"
"12:26:39,4837509","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 390, Name: {d6f68875-cdf5-43a5-a3e3-53ffd683311c}"
"12:26:39,4841213","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 897.024, Length: 4.096"
"12:26:39,4843125","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 391, Name: {d775f388-5a4a-474d-8726-7b255544285f}"
"12:26:39,4845015","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,4848751","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 392, Name: {d8975f88-7ddb-4ed0-91bf-3adf48c48e0c}"
"12:26:39,4854373","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 393, Name: {dab065a9-620f-45ba-b5d6-d6bb8efedee9}"
"12:26:39,4857680","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 901.120, Length: 4.096"
"12:26:39,4858240","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:39,4859574","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 394, Name: {dab3b18c-3c0f-43e8-80b1-e44bc0dad901}"
"12:26:39,4863870","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:39,4864817","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 395, Name: {db00dfb6-29f9-4a9c-9b3b-1f4f9e7d9770}"
"12:26:39,4873714","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 905.216, Length: 4.096"
"12:26:39,4875752","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 396, Name: {db6f6ddb-ac77-4e88-8253-819df9bbf140}"
"12:26:39,4884588","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 397, Name: {dbe9b383-7cf3-4331-91cc-a3cb16a3b538}"
"12:26:39,4889379","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 909.312, Length: 4.096"
"12:26:39,4890204","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 398, Name: {dd5ef90a-6398-47a4-ad34-4dcecdef795f}"
"12:26:39,4895411","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 399, Name: {dd70bc80-ef44-421b-8ac3-cd31da613a4e}"
"12:26:39,4902772","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 400, Name: {dd85457f-4e2d-44a5-a7a7-6253362e34dc}"
"12:26:39,4903812","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 913.408, Length: 4.096"
"12:26:39,4913208","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 401, Name: {de513a55-c345-438b-9a74-e18cac5c5cc5}"
"12:26:39,4917448","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 917.504, Length: 4.096"
"12:26:39,4919207","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 402, Name: {de7b24ea-73c8-4a09-985d-5bdadcfa9017}"
"12:26:39,4922845","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,4925262","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 403, Name: {dea07764-0790-44de-b9c4-49677b17174f}"
"12:26:39,4930445","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 404, Name: {ded165cf-485d-4770-a3e7-9c5f0320e80c}"
"12:26:39,4932698","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 921.600, Length: 4.096"
"12:26:39,4934079","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:39,4936472","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 405, Name: {df32a572-0b4b-44be-b09b-72084fdbf879}"
"12:26:39,4938898","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:39,4942513","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 406, Name: {e01b1a7c-c5c9-4e67-99a9-5e85acfb2e10}"
"12:26:39,4948111","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 407, Name: {e04fe2e0-c6cf-4273-b59d-5c97c9c374a4}"
"12:26:39,4951148","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 925.696, Length: 4.096"
"12:26:39,4954194","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 408, Name: {e0a40b26-30c4-4656-bc9a-74a5c3a0b2ec}"
"12:26:39,4958537","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,4959036","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 409, Name: {e104fb41-6b04-4f3a-b47d-f0df2f02b954}"
"12:26:39,4963837","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 410, Name: {e1dd7e52-621d-44e3-a1ad-0370c2b25946}"
"12:26:39,4966375","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 929.792, Length: 4.096"
"12:26:39,4968264","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 411, Name: {e23b33b0-c8c9-472c-a5f9-f2bdfea0f156}"
"12:26:39,4972672","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 412, Name: {e2816346-87f4-4f85-95c3-0c79409aa89d}"
"12:26:39,4973391","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,4977081","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 413, Name: {e4480490-85b6-11dd-ad8b-0800200c9a66}"
"12:26:39,4981638","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 933.888, Length: 4.096"
"12:26:39,4981918","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 414, Name: {e46eead8-0c54-4489-9898-8fa79d059e0e}"
"12:26:39,4987507","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 415, Name: {e4d53f84-7de3-11d8-9435-505054503030}"
"12:26:39,4992643","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,4992746","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 416, Name: {e53c6823-7bb8-44bb-90dc-3f86090d48a6}"
"12:26:39,4996086","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 937.984, Length: 4.096"
"12:26:39,4997546","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 417, Name: {e595f735-b42a-494b-afcd-b68666945cd3}"
"12:26:39,5001978","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 418, Name: {e5ba83f6-07d0-46b1-8bc7-7e669a1d31dc}"
"12:26:39,5009731","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 942.080, Length: 4.096"
"12:26:39,5013486","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 419, Name: {e6307a09-292c-497e-aad6-498f68e2b619}"
"12:26:39,5017508","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:39,5021123","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 420, Name: {e670a5a2-ce74-4ab4-9347-61b815319f4c}"
"12:26:39,5023343","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 946.176, Length: 4.096"
"12:26:39,5025545","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,5027556","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 421, Name: {e7558269-3fa5-46ed-9f4d-3c6e282dde55}"
"12:26:39,5034376","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 422, Name: {e7ef96be-969f-414f-97d7-3ddb7b558ccc}"
"12:26:39,5036597","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 950.272, Length: 4.096"
"12:26:39,5044411","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 423, Name: {e8316a2d-0d94-4f52-85dd-1e15b66c5891}"
"12:26:39,5051222","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 424, Name: {e837619c-a2a8-4689-833f-47b48ebd2442}"
"12:26:39,5052672","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 954.368, Length: 4.096"
"12:26:39,5063262","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 425, Name: {e856c26a-e105-4683-a948-6920dcc42e45}"
"12:26:39,5070087","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 426, Name: {e978f84e-582d-4167-977e-32af52706888}"
"12:26:39,5075680","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 427, Name: {eb3deb18-d1de-4897-8502-a230ad03db8a}"
"12:26:39,5076660","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 958.464, Length: 4.096"
"12:26:39,5077709","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,5080112","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 428, Name: {edd08927-9cc4-4e65-b970-c2560fb5c289}"
"12:26:39,5084525","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 429, Name: {ee4f43b5-03eb-41d2-a28c-ba8bee529247}"
"12:26:39,5090118","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 430, Name: {eef54e71-0661-422d-9a98-82fd4940b820}"
"12:26:39,5093514","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 962.560, Length: 4.096"
"12:26:39,5094956","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:26:39,5095348","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 431, Name: {ef1cc15b-46c1-414e-bb95-e76b077bd51e}"
"12:26:39,5100162","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 432, Name: {f0db7ef8-b6f3-4005-9937-feb77b9e1b43}"
"12:26:39,5102975","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:26:39,5104589","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 433, Name: {f230d19a-5d93-47d9-a83f-53829edfb8df}"
"12:26:39,5109142","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 966.656, Length: 4.096"
"12:26:39,5110588","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 434, Name: {f27b948b-0a7c-4eb6-92ec-8a2c1b353ecd}"
"12:26:39,5115785","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 435, Name: {f2c628ae-d26c-4352-9c45-74754e1e2f9f}"
"12:26:39,5123590","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:26:39,5125194","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 970.752, Length: 4.096"
"12:26:39,5125894","svchost.exe","588","RegEnumKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS","Index: 436, Name: {f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}"
"12:26:39,5136764","svchost.exe","588","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\WINEVT\Publishers","SUCCESS",""
"12:26:39,5138429","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:39,5141648","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 974.848, Length: 4.096"
"12:26:39,5158890","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 978.944, Length: 4.096"
"12:26:39,5173762","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 983.040, Length: 4.096"
"12:26:39,5190808","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 987.136, Length: 4.096"
"12:26:39,5196546","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:26:39,5211679","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 991.232, Length: 4.096"
"12:26:39,5226523","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 995.328, Length: 4.096"
"12:26:39,5242165","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 999.424, Length: 4.096"
"12:26:39,5257830","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.003.520, Length: 4.096"
"12:26:39,5267542","svchost.exe","588","CreateFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,5273443","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.007.616, Length: 4.096"
"12:26:39,5288726","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.011.712, Length: 4.096"
"12:26:39,5305553","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.015.808, Length: 4.096"
"12:26:39,5321586","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.019.904, Length: 4.096"
"12:26:39,5337634","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.024.000, Length: 4.096"
"12:26:39,5360049","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.028.096, Length: 4.096"
"12:26:39,5377683","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.032.192, Length: 4.096"
"12:26:39,5394146","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.036.288, Length: 4.096"
"12:26:39,5409801","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.040.384, Length: 4.096"
"12:26:39,5412558","svchost.exe","588","QueryBasicInformationFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","CreationTime: 21.11.2010 05:24:00, LastAccessTime: 21.11.2010 05:24:00, LastWriteTime: 21.11.2010 05:24:00, ChangeTime: 11.05.2013 14:07:58, FileAttributes: A"
"12:26:39,5419887","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:39,5420190","svchost.exe","588","CloseFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS",""
"12:26:39,5425429","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.044.480, Length: 4.096"
"12:26:39,5442694","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.048.576, Length: 4.096"
"12:26:39,5482813","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.052.672, Length: 4.096"
"12:26:39,5483998","svchost.exe","588","CreateFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,5486088","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,5498432","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.056.768, Length: 4.096"
"12:26:39,5498534","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: DNCI"
"12:26:39,5503768","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:39,5514517","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.060.864, Length: 4.096"
"12:26:39,5520614","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,5528558","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.064.960, Length: 4.096"
"12:26:39,5533055","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:39,5542245","svchost.exe","588","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","CreationTime: 21.11.2010 05:24:00, LastAccessTime: 21.11.2010 05:24:00, LastWriteTime: 21.11.2010 05:24:00, ChangeTime: 11.05.2013 14:07:58, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A"
"12:26:39,5542982","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.069.056, Length: 4.096"
"12:26:39,5546980","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,5563028","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.073.152, Length: 4.096"
"12:26:39,5585126","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.077.248, Length: 4.096"
"12:26:39,5587487","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,5600325","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:39,5601164","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.081.344, Length: 4.096"
"12:26:39,5609976","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:39,5617226","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.085.440, Length: 4.096"
"12:26:39,5624918","SavService.exe","1536","RegOpenKey","HKU\S-1-5-19","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:39,5633246","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.089.536, Length: 4.096"
"12:26:39,5633754","SavService.exe","1536","RegQueryKey","HKU\S-1-5-19","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:39,5644176","SavService.exe","1536","RegOpenKey","HKU\S-1-5-19\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:39,5649722","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.093.632, Length: 4.096"
"12:26:39,5652190","SavService.exe","1536","RegSetInfoKey","HKU\S-1-5-19\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:39,5652871","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,5657014","SavService.exe","1536","RegCloseKey","HKU\S-1-5-19","SUCCESS",""
"12:26:39,5662224","SavService.exe","1536","RegQueryValue","HKU\S-1-5-19\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:39,5664151","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.097.728, Length: 4.096"
"12:26:39,5666512","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:39,5667832","SavService.exe","1536","RegCloseKey","HKU\S-1-5-19\Control Panel\International","SUCCESS",""
"12:26:39,5676537","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:39,5678599","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.101.824, Length: 4.096"
"12:26:39,5693041","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.105.920, Length: 4.096"
"12:26:39,5707092","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.110.016, Length: 4.096"
"12:26:39,5721517","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.114.112, Length: 4.096"
"12:26:39,5722384","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,5735642","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:39,5737163","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.118.208, Length: 4.096"
"12:26:39,5751578","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:39,5753607","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.122.304, Length: 4.096"
"12:26:39,5760511","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:39,5769659","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.126.400, Length: 4.096"
"12:26:39,5771353","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:39,5784513","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.130.496, Length: 4.096"
"12:26:39,5799758","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.134.592, Length: 4.096"
"12:26:39,5814089","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:39,5814588","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.138.688, Length: 4.096"
"12:26:39,5828644","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.142.784, Length: 4.096"
"12:26:39,5843884","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.146.880, Length: 4.096"
"12:26:39,5845853","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:39,5858341","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.150.976, Length: 4.096"
"12:26:39,5871049","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:39,5873987","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.155.072, Length: 4.096"
"12:26:39,5888435","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.159.168, Length: 4.096"
"12:26:39,5889508","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.817.726, Length: 16.200"
"12:26:39,5902868","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.163.264, Length: 4.096"
"12:26:39,5914055","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,5916500","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.167.360, Length: 4.096"
"12:26:39,5927696","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: DNCI"
"12:26:39,5930159","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.171.456, Length: 4.096"
"12:26:39,5934119","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:39,5945404","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.175.552, Length: 4.096"
"12:26:39,5959446","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.179.648, Length: 4.096"
"12:26:39,5973884","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.183.744, Length: 4.096"
"12:26:39,5978577","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT-AUTORITÄT\LOKALER DIENST, OpenResult: Opened"
"12:26:39,5987515","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.187.840, Length: 4.096"
"12:26:39,5990197","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\fltmgr.sys","NO SUCH FILE","Filter: fltmgr.sys"
"12:26:39,5997829","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:39,6000749","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.191.936, Length: 4.096"
"12:26:39,6015608","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.196.032, Length: 4.096"
"12:26:39,6016373","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,6032061","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.200.128, Length: 4.096"
"12:26:39,6033106","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:39,6040766","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:39,6045160","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT-AUTORITÄT\LOKALER DIENST, OpenResult: Opened"
"12:26:39,6048505","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.204.224, Length: 4.096"
"12:26:39,6057597","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\fltmgr.sys","SUCCESS","Filter: fltmgr.sys, 1: fltMgr.sys"
"12:26:39,6064151","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.208.320, Length: 4.096"
"12:26:39,6069218","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:39,6079392","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.212.416, Length: 4.096"
"12:26:39,6094642","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.216.512, Length: 4.096"
"12:26:39,6109738","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,6110288","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.220.608, Length: 4.096"
"12:26:39,6122198","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:39,6126327","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.224.704, Length: 4.096"
"12:26:39,6128211","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:39,6145453","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT-AUTORITÄT\LOKALER DIENST, OpenResult: Opened"
"12:26:39,6147548","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.228.800, Length: 4.096"
"12:26:39,6161916","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:39,6167626","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.232.896, Length: 4.096"
"12:26:39,6168750","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:39,6186463","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.236.992, Length: 4.096"
"12:26:39,6189589","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT-AUTORITÄT\LOKALER DIENST, OpenResult: Opened"
"12:26:39,6201638","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:39,6206537","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.241.088, Length: 4.096"
"12:26:39,6212065","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:39,6213567","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,6224184","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.245.184, Length: 4.096"
"12:26:39,6228024","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:39,6234811","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:39,6239458","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.249.280, Length: 4.096"
"12:26:39,6256289","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.253.376, Length: 4.096"
"12:26:39,6272350","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.257.472, Length: 4.096"
"12:26:39,6289625","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.261.568, Length: 4.096"
"12:26:39,6303625","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT-AUTORITÄT\LOKALER DIENST, OpenResult: Opened"
"12:26:39,6309260","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.265.664, Length: 4.096"
"12:26:39,6312875","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:39,6313976","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,6318487","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:39,6325331","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.269.760, Length: 4.096"
"12:26:39,6328405","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:39,6335612","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:39,6336942","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT-AUTORITÄT\LOKALER DIENST, OpenResult: Opened"
"12:26:39,6341374","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.273.856, Length: 4.096"
"12:26:39,6352187","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:39,6357034","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.277.952, Length: 4.096"
"12:26:39,6365333","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:39,6372671","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.282.048, Length: 4.096"
"12:26:39,6387926","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.286.144, Length: 4.096"
"12:26:39,6403558","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.290.240, Length: 4.096"
"12:26:39,6408942","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,6409445","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT-AUTORITÄT\LOKALER DIENST, OpenResult: Opened"
"12:26:39,6418407","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.294.336, Length: 4.096"
"12:26:39,6421075","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:39,6421780","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:39,6426594","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:39,6431520","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:39,6434030","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.298.432, Length: 4.096"
"12:26:39,6448888","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.302.528, Length: 4.096"
"12:26:39,6463345","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.306.624, Length: 4.096"
"12:26:39,6478576","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.310.720, Length: 4.096"
"12:26:39,6494208","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.314.816, Length: 4.096"
"12:26:39,6494824","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,6505736","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 260.716, Length: 4.096"
"12:26:39,6508059","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:39,6513270","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:39,6515355","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 258.048, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:39,6515943","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.318.912, Length: 4.096"
"12:26:39,6531598","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.323.008, Length: 4.096"
"12:26:39,6548957","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:39,6555091","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.327.104, Length: 4.096"
"12:26:39,6573527","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.331.200, Length: 4.096"
"12:26:39,6581878","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,6595504","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.335.296, Length: 4.096"
"12:26:39,6596297","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:39,6602735","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:39,6612354","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.339.392, Length: 4.096"
"12:26:39,6626415","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.343.488, Length: 4.096"
"12:26:39,6642686","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:39,6650094","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.347.584, Length: 4.096"
"12:26:39,6669314","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.351.680, Length: 4.096"
"12:26:39,6672957","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,6686579","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:39,6686593","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.355.776, Length: 4.096"
"12:26:39,6691407","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:39,6703018","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.359.872, Length: 4.096"
"12:26:39,6707455","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,6719873","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.363.968, Length: 4.096"
"12:26:39,6719892","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,6736313","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.368.064, Length: 4.096"
"12:26:39,6738729","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,6753195","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.372.160, Length: 4.096"
"12:26:39,6757982","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:39,6761093","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 282.624, Length: 7.040"
"12:26:39,6764013","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,6770036","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.376.256, Length: 4.096"
"12:26:39,6773511","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 282.624, Length: 7.040, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:39,6786097","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.380.352, Length: 4.096"
"12:26:39,6802938","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.384.448, Length: 4.096"
"12:26:39,6807445","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 252.928, Length: 4.096"
"12:26:39,6808522","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:26:39,6816672","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 249.856, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:39,6818981","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.388.544, Length: 4.096"
"12:26:39,6834245","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.392.640, Length: 4.096"
"12:26:39,6850675","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.396.736, Length: 4.096"
"12:26:39,6865930","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.400.832, Length: 4.096"
"12:26:39,6871528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 257.024, Length: 4.096"
"12:26:39,6879967","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.404.928, Length: 4.096"
"12:26:39,6893206","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.409.024, Length: 4.096"
"12:26:39,6906436","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.413.120, Length: 4.096"
"12:26:39,6919675","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.417.216, Length: 4.096"
"12:26:39,6935340","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.421.312, Length: 4.096"
"12:26:39,6951383","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.425.408, Length: 4.096"
"12:26:39,6962621","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 261.120, Length: 4.096"
"12:26:39,6965807","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.429.504, Length: 4.096"
"12:26:39,6979065","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.433.600, Length: 4.096"
"12:26:39,6993088","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.437.696, Length: 4.096"
"12:26:39,7006729","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.441.792, Length: 4.096"
"12:26:39,7015573","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 265.216, Length: 4.096"
"12:26:39,7020378","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.445.888, Length: 4.096"
"12:26:39,7029209","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:26:39,7030399","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 71.680, Length: 4.096"
"12:26:39,7033622","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.449.984, Length: 4.096"
"12:26:39,7037630","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:26:39,7050477","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.454.080, Length: 4.096"
"12:26:39,7058916","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:39,7064108","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 268.800, Length: 4.096"
"12:26:39,7065312","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:39,7068507","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.458.176, Length: 4.096"
"12:26:39,7071726","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:26:39,7084970","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.462.272, Length: 4.096"
"12:26:39,7095396","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:39,7101806","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.466.368, Length: 4.096"
"12:26:39,7103420","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:39, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:39,7111472","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:26:39,7117882","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.470.464, Length: 4.096"
"12:26:39,7134699","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.474.560, Length: 4.096"
"12:26:39,7137111","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:","SUCCESS","Offset: 39.948.288, Length: 104, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:39,7145554","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 272.896, Length: 4.096"
"12:26:39,7157590","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.478.656, Length: 4.096"
"12:26:39,7177220","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.482.752, Length: 4.096"
"12:26:39,7191299","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:39,7194080","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.486.848, Length: 4.096"
"12:26:39,7194108","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:39,7202514","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 273.408, Length: 4.096"
"12:26:39,7210510","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.490.944, Length: 4.096"
"12:26:39,7226571","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.495.040, Length: 4.096"
"12:26:39,7236139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:39,7242633","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.499.136, Length: 4.096"
"12:26:39,7258298","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.503.232, Length: 4.096"
"12:26:39,7273940","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.507.328, Length: 4.096"
"12:26:39,7281954","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,7289073","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:39,7289600","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.511.424, Length: 4.096"
"12:26:39,7295208","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: ANCI"
"12:26:39,7300409","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:39,7306819","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.515.520, Length: 4.096"
"12:26:39,7320058","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,7326052","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.519.616, Length: 4.096"
"12:26:39,7334095","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:39,7342935","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.523.712, Length: 4.096"
"12:26:39,7350063","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,7352862","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:39,7357392","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.527.808, Length: 4.096"
"12:26:39,7361292","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 172.032, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:39,7371448","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.531.904, Length: 4.096"
"12:26:39,7385471","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.536.000, Length: 4.096"
"12:26:39,7398724","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.540.096, Length: 4.096"
"12:26:39,7403813","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,7411972","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.544.192, Length: 4.096"
"12:26:39,7413470","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:39,7418685","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:39,7427600","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.548.288, Length: 4.096"
"12:26:39,7429490","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 286.720, Length: 2.944"
"12:26:39,7430287","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:39,7443671","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.552.384, Length: 4.096"
"12:26:39,7455166","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:39,7458879","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.556.480, Length: 4.096"
"12:26:39,7472030","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,7472552","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.560.576, Length: 4.096"
"12:26:39,7484471","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:39,7486589","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.564.672, Length: 4.096"
"12:26:39,7494902","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:39,7504661","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.568.768, Length: 4.096"
"12:26:39,7521950","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.572.864, Length: 4.096"
"12:26:39,7533813","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,7537176","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.576.960, Length: 4.096"
"12:26:39,7547859","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:39,7553858","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.581.056, Length: 4.096"
"12:26:39,7558295","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:39,7574716","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:39,7575285","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.585.152, Length: 4.096"
"12:26:39,7590754","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 4.096, Length: 57.744"
"12:26:39,7591729","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.589.248, Length: 4.096"
"12:26:39,7600774","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 61.840, Length: 61.440"
"12:26:39,7607375","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.593.344, Length: 4.096"
"12:26:39,7609227","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 123.280, Length: 61.440"
"12:26:39,7618445","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 131.072, Length: 57.344, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:39,7623418","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.597.440, Length: 4.096"
"12:26:39,7636513","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,7639480","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.601.536, Length: 4.096"
"12:26:39,7647867","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 184.720, Length: 61.440"
"12:26:39,7651749","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, FileAttributes: ANCI"
"12:26:39,7655126","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.605.632, Length: 4.096"
"12:26:39,7658182","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:39,7658695","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 188.416, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:39,7670381","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.609.728, Length: 4.096"
"12:26:39,7683975","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 246.160, Length: 36.464"
"12:26:39,7686405","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.613.824, Length: 4.096"
"12:26:39,7701277","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.617.920, Length: 4.096"
"12:26:39,7717712","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.622.016, Length: 4.096"
"12:26:39,7732542","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.626.112, Length: 4.096"
"12:26:39,7749620","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,7758465","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.630.208, Length: 4.096"
"12:26:39,7770128","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:39, FileAttributes: DNCI"
"12:26:39,7774919","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.634.304, Length: 4.096"
"12:26:39,7777359","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:39,7790145","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.638.400, Length: 4.096"
"12:26:39,7805409","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.642.496, Length: 4.096"
"12:26:39,7821433","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.646.592, Length: 4.096"
"12:26:39,7837514","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.650.688, Length: 4.096"
"12:26:39,7854770","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.654.784, Length: 4.096"
"12:26:39,7863297","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,7870798","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.658.880, Length: 4.096"
"12:26:39,7878552","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:39,7883772","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:39,7887233","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.662.976, Length: 4.096"
"12:26:39,7902903","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.667.072, Length: 4.096"
"12:26:39,7918955","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.671.168, Length: 4.096"
"12:26:39,7935381","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.675.264, Length: 4.096"
"12:26:39,7950761","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,7952249","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.679.360, Length: 4.096"
"12:26:39,7963590","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:39,7968703","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.683.456, Length: 4.096"
"12:26:39,7970816","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:39,7982740","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.687.552, Length: 4.096"
"12:26:39,7996758","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.691.648, Length: 4.096"
"12:26:39,8012423","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.695.744, Length: 4.096"
"12:26:39,8026483","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.699.840, Length: 4.096"
"12:26:39,8033000","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,8040922","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.703.936, Length: 4.096"
"12:26:39,8046263","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:39,8051880","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:39,8058551","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.708.032, Length: 4.096"
"12:26:39,8074589","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.712.128, Length: 4.096"
"12:26:39,8089862","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.716.224, Length: 4.096"
"12:26:39,8103512","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.720.320, Length: 4.096"
"12:26:39,8112459","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,8117535","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.724.416, Length: 4.096"
"12:26:39,8123688","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:39,8128484","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:39,8133597","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.728.512, Length: 3.520"
"12:26:39,8164185","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.598.864, Length: 16.200"
"12:26:39,8198174","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,8211446","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:39,8214744","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:39,8217842","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:39,8281626","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,8293667","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:39,8299288","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:39,8360698","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,8372323","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:39,8376750","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:39,8396875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 284.011, Length: 4.096"
"12:26:39,8434522","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,8446959","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:39,8448255","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.714.688, Length: 17.344"
"12:26:39,8456564","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:39,8470316","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.063.424, Length: 4.096"
"12:26:39,8472737","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 1.024, Length: 4.096"
"12:26:39,8475033","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,8479940","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.083.904, Length: 4.096"
"12:26:39,8489475","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,8490385","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.071.616, Length: 4.096"
"12:26:39,8500387","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.079.808, Length: 4.096"
"12:26:39,8508704","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,8523581","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:39,8526473","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.085.952, Length: 4.096"
"12:26:39,8529968","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,8576114","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,8598977","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:39,8610649","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:39,8611129","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 260.716, Length: 4.096"
"12:26:39,8615561","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.090.048, Length: 4.096"
"12:26:39,8619843","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:39,8619969","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:39,8643122","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:26:39,8643229","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 105.472, Length: 4.096"
"12:26:39,8653534","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:26:39,8655251","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 260.716, Length: 4.096"
"12:26:39,8663993","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:39,8669694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:39,8670818","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:36, LastWriteTime: 06.10.2013 12:26:36, ChangeTime: 06.10.2013 12:26:36, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:39,8678543","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.065.472, Length: 4.096"
"12:26:39,8688988","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:39,8706626","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:39,8714636","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.073.664, Length: 4.096"
"12:26:39,8723873","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:39,8733086","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.094.144, Length: 4.096"
"12:26:39,8741138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:39,8756640","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:39,8759994","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:39,8774833","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:39,8788469","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:39,8801718","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:39,8814957","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:39,8828196","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:39,8831597","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.098.240, Length: 4.096"
"12:26:39,8845443","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:39,8857581","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,8861080","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:39,8873242","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:39, FileAttributes: ANCI"
"12:26:39,8877533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:39,8879255","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:39,8891570","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:39,8897705","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,8904824","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:39,8910552","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:39,8914657","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.102.336, Length: 4.096"
"12:26:39,8918058","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:39,8924976","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,8931302","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:39,8948138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:39,8953993","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.067.520, Length: 4.096"
"12:26:39,8963803","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:39,8966705","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,8979454","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.104.384, Length: 4.096"
"12:26:39,8980257","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:39,8981535","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:39,8992791","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:39,9003526","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.075.712, Length: 4.096"
"12:26:39,9004295","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:39,9017549","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.081.856, Length: 4.096"
"12:26:39,9021966","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:39,9031296","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,9036787","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:39,9037216","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.106.432, Length: 4.096"
"12:26:39,9045361","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:39,9052835","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:39,9054575","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:39,9067278","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:39,9080913","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:39,9091876","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,9096578","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:39,9103539","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:39,9111026","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:39,9112323","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:39,9123859","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.110.528, Length: 4.096"
"12:26:39,9129075","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:39,9146326","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:39,9161142","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:39,9174792","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:39,9178556","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,9188031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:39,9190597","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:39, FileAttributes: ANCI"
"12:26:39,9195402","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:39,9201284","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:39,9207330","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.114.624, Length: 4.096"
"12:26:39,9214528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:39,9228584","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:39,9243428","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.069.568, Length: 4.096"
"12:26:39,9249441","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:39,9258365","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,9266272","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:39,9266692","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.116.672, Length: 4.096"
"12:26:39,9271623","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:39, FileAttributes: DNCI"
"12:26:39,9276442","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:39,9280314","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:39,9289164","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.077.760, Length: 4.096"
"12:26:39,9293572","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:39,9306807","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:39,9320037","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:39,9324408","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.118.720, Length: 4.096"
"12:26:39,9333406","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,9333682","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:39,9345829","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:39,9351870","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:39,9352939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:39,9368175","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:26:39,9381824","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:26:39,9397872","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:26:39,9412306","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:26:39,9412837","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,9423693","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:39,9425955","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.122.816, Length: 4.096"
"12:26:39,9428502","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:39,9429561","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:26:39,9446005","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:26:39,9462874","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:26:39,9480111","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:26:39,9492679","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,9496957","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:26:39,9505120","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:39,9511138","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:39,9513023","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:26:39,9526663","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:26:39,9540294","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:26:39,9547119","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.126.912, Length: 4.096"
"12:26:39,9557961","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:26:39,9572007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:26:39,9577740","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,9585629","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:26:39,9588974","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:39,9593396","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:39,9600888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:26:39,9615704","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:26:39,9631775","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:26:39,9647799","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:26:39,9653575","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,9662280","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:26:39,9665979","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:39,9670420","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:39,9676708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:26:39,9690353","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:26:39,9703980","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:26:39,9717229","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:26:39,9728583","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,9730472","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:39,9739826","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:39,9745438","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:39,9746119","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 286.720, Length: 2.944"
"12:26:39,9768184","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.714.688, Length: 4.096"
"12:26:39,9781452","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.360.384, Length: 4.096"
"12:26:39,9797844","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 260.716, Length: 4.096"
"12:26:39,9802822","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,9808327","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:39,9811923","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:39,9814023","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:39,9818464","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:39,9826744","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:39,9838402","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:39,9852024","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:39,9855257","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.714.688, Length: 4.096"
"12:26:39,9864880","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:39,9877709","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:39,9890939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:39,9893360","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,9903782","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:39,9906987","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:39,9913014","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:39,9916634","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:39,9918514","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 33.792, Length: 4.096"
"12:26:39,9932257","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:39,9932280","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,9945510","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:39,9953879","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:39,9958334","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:39,9976299","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:39,9979136","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.714.688, Length: 4.096"
"12:26:39,9986380","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:39,9989935","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:39,9996368","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.718.784, Length: 13.248"
"12:26:40,0001989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:40,0009309","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:40,0010037","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 224, Length: 4.096"
"12:26:40,0013605","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:40,0017738","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:40,0025646","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:40,0037681","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:40,0051317","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:40,0063759","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:40,0065867","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,0075398","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:40,0086314","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:39, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:40,0087037","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:40,0096344","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:26:40,0098658","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:40,0102795","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:26:40,0111486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:40,0122864","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:26:40,0125159","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:40,0132376","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:40,0135301","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:39, FileAttributes: ANCI"
"12:26:40,0137988","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:40,0148428","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 4.096, Length: 57.744"
"12:26:40,0157735","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:40,0159279","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 61.840, Length: 61.440"
"12:26:40,0170499","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 123.280, Length: 61.440"
"12:26:40,0170970","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:40,0178228","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:26:40,0181326","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 184.720, Length: 61.440"
"12:26:40,0182628","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:40,0191766","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 246.160, Length: 61.440"
"12:26:40,0193861","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:40,0203415","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 307.600, Length: 61.440"
"12:26:40,0205094","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:40,0214224","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 369.040, Length: 61.440"
"12:26:40,0216323","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:40,0225060","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 430.480, Length: 61.440"
"12:26:40,0227551","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:40,0235883","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 491.920, Length: 61.440"
"12:26:40,0240385","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:40,0248325","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 553.360, Length: 61.440"
"12:26:40,0253643","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:40,0258756","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 614.800, Length: 61.440"
"12:26:40,0265679","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:40,0268799","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 676.240, Length: 61.440"
"12:26:40,0276907","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:40,0279632","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 737.680, Length: 61.440"
"12:26:40,0288136","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:40,0289647","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 799.120, Length: 61.440"
"12:26:40,0298889","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 860.560, Length: 61.440"
"12:26:40,0301776","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:40,0307724","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 922.000, Length: 61.440"
"12:26:40,0314600","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:40,0317348","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 983.440, Length: 61.440"
"12:26:40,0326566","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.044.880, Length: 4.096"
"12:26:40,0327443","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:40,0340682","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:40,0353912","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:40,0366764","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:40,0379990","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:40,0381203","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:40,0394843","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:26:40,0408082","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:26:40,0420930","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:26:40,0434150","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:26:40,0449811","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:26:40,0458161","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,0462658","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:26:40,0473406","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:39, FileAttributes: DNCI"
"12:26:40,0475478","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:26:40,0480231","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:40,0487518","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:26:40,0499162","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:26:40,0501088","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,0510409","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:26:40,0515139","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:40,0522020","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:26:40,0527175","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:40,0533244","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:26:40,0546092","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:26:40,0557749","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:26:40,0569365","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:26:40,0570102","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,0580603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:26:40,0583743","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:40,0593059","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:26:40,0594594","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:40,0606284","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:26:40,0617919","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:26:40,0629166","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:26:40,0634302","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,0641206","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:26:40,0652370","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:40,0653620","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:26:40,0662763","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:40,0665259","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:26:40,0676497","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:26:40,0687721","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:40,0698959","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 286.720, Length: 2.944"
"12:26:40,0702906","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,0716136","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:40,0726170","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:40,0767978","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 260.716, Length: 4.096"
"12:26:40,0799182","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:40,0835774","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:40,0869385","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,0890672","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:39, FileAttributes: DNCI"
"12:26:40,0899909","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:40,0981010","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,0997052","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:40,1003849","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:40,1012298","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 262.656, Length: 4.096"
"12:26:40,1096067","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,1110888","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:40,1117335","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:40,1185910","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,1199565","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:40,1206002","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:40,1274592","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,1283479","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,1287449","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:40,1292706","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975899, endtime: 975899, seqnum: 0, connid: 0"
"12:26:40,1293849","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:40,1366441","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,1374068","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,1378500","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,1382895","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,1386897","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,1393745","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,1398163","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975899, endtime: 975899, seqnum: 0, connid: 0"
"12:26:40,1420210","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:40,1421106","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,1435959","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:40,1445182","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:40,1523418","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,1544294","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:40,1551110","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:40,1624056","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,1636913","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:40,1643705","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:40,1681016","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,1688247","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,1693439","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:40,1699457","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975899, endtime: 975899, seqnum: 0, connid: 0"
"12:26:40,1739580","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,1753240","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:40,1759645","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,1764869","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:40,1766059","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,1770869","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,1775268","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,1778892","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,1786137","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:40,1791325","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 975899, endtime: 975900, seqnum: 0, connid: 0"
"12:26:40,1795822","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,1811067","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:40,1841501","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,1863973","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:40,1871175","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:40,1895639","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:39, FileAttributes: ANCI"
"12:26:40,1929740","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:40,1964256","svchost.exe","588","CreateFileMapping","C:\Windows\System32\drivers\fltMgr.sys","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
"12:26:40,1970274","svchost.exe","588","QueryStandardInformationFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","AllocationSize: 290.816, EndOfFile: 289.664, NumberOfLinks: 2, DeletePending: False, Directory: False"
"12:26:40,2012380","svchost.exe","588","CreateFileMapping","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","SyncType: SyncTypeOther"
"12:26:40,2031670","svchost.exe","588","Load Image","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS","Image Base: 0xdc0000, Image Size: 0x4c000"
"12:26:40,2040482","svchost.exe","588","CloseFile","C:\Windows\System32\drivers\fltMgr.sys","SUCCESS",""
"12:26:40,2044573","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:40,2049696","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2056525","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2060929","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:40,2066536","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975900, endtime: 975900, seqnum: 0, connid: 0"
"12:26:40,2130335","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2135555","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2139567","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2143168","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2146784","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2153594","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:40,2158427","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 975900, endtime: 975900, seqnum: 0, connid: 0"
"12:26:40,2196932","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2201355","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2204956","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2209784","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975900, endtime: 975900, seqnum: 0, connid: 0"
"12:26:40,2237905","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:40,2242327","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:40, LastWriteTime: 06.10.2013 12:26:40, ChangeTime: 06.10.2013 12:26:40, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:26:40,2280077","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:40,2288105","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:39, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:40,2304960","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:26:40,2460048","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2468468","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975900, endtime: 975900, seqnum: 0, connid: 0"
"12:26:40,2524621","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2531058","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2535079","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2539063","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2542679","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2549116","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2553530","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975900, endtime: 975900, seqnum: 0, connid: 0"
"12:26:40,2685773","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:40,2695425","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:40,2702632","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:40,2708249","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:40,2713866","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:40,2718283","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:40,2723494","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:40,2850345","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:40,2857865","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.048.976, Length: 61.440"
"12:26:40,2864382","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:40,2869084","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.110.416, Length: 61.440"
"12:26:40,2872294","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2879100","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.171.856, Length: 61.440"
"12:26:40,2879520","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,2884315","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:40,2889153","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.233.296, Length: 61.440"
"12:26:40,2890730","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975901, endtime: 975901, seqnum: 0, connid: 0"
"12:26:40,2898795","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.294.736, Length: 61.440"
"12:26:40,2910794","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.356.176, Length: 61.440"
"12:26:40,2915044","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 256, Length: 4.096"
"12:26:40,2920049","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.417.616, Length: 61.440"
"12:26:40,2932066","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.479.056, Length: 61.440"
"12:26:40,2942105","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.540.496, Length: 61.440"
"12:26:40,2950950","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.601.936, Length: 61.440"
"12:26:40,2959781","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.663.376, Length: 51.312"
"12:26:40,2982089","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:40,2992506","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:40,2994279","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:40,3002536","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:40,3003758","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3009785","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3010998","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.140.216, Length: 16.200"
"12:26:40,3013760","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:26:40,3013788","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3017021","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3020617","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3021802","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:40,3027820","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:40,3032634","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:40,3032667","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 975901, endtime: 975901, seqnum: 0, connid: 0"
"12:26:40,3040262","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:40,3048677","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:40,3056720","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:26:40,3063922","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:40,3066880","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:40,3067962","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3070743","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:40,3072767","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3075995","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3077969","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:40,3080007","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975901, endtime: 975901, seqnum: 0, connid: 0"
"12:26:40,3084141","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:40,3087336","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:40,3099367","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:26:40,3102572","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:40,3107018","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:40,3115009","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:40,3120248","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:40,3122263","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:40,3132694","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:40,3139878","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:40,3140699","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:26:40,3148303","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:40,3157166","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:40,3175220","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:40,3193250","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:40,3210898","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:40,3228550","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:40,3239228","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3246823","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3247005","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:40,3252039","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975901, endtime: 975901, seqnum: 0, connid: 0"
"12:26:40,3264653","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:40,3282324","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:40,3299962","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:40,3300657","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3307473","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3311097","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3314694","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3317936","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3319229","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:40,3324346","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:40,3328339","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975901, endtime: 975901, seqnum: 0, connid: 0"
"12:26:40,3338882","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:40,3356535","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:40,3385504","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:40,3403544","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:40,3418378","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:40,3436059","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:40,3451313","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:40,3465341","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:40,3480162","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:40,3495827","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:40,3509864","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:40,3524297","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:40,3539566","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:40,3554806","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:40,3568839","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:40,3583309","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:40,3599721","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:40,3615381","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:40,3632241","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:40,3647864","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:40,3663519","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:40,3677972","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:40,3691225","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:40,3704455","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:40,3717689","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:40,3731349","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:40,3747779","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:40,3762222","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:40,3775881","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:40,3789918","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 184.320, Length: 4.096"
"12:26:40,3803148","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 188.416, Length: 4.096"
"12:26:40,3817590","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 192.512, Length: 4.096"
"12:26:40,3831637","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 196.608, Length: 4.096"
"12:26:40,3846901","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 200.704, Length: 4.096"
"12:26:40,3861745","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 204.800, Length: 4.096"
"12:26:40,3875380","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 208.896, Length: 4.096"
"12:26:40,3888606","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 212.992, Length: 4.096"
"12:26:40,3901836","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 217.088, Length: 4.096"
"12:26:40,3915476","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 221.184, Length: 4.096"
"12:26:40,3929518","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 225.280, Length: 4.096"
"12:26:40,3944371","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 229.376, Length: 4.096"
"12:26:40,3958007","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 233.472, Length: 4.096"
"12:26:40,3971242","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 237.568, Length: 4.096"
"12:26:40,3984481","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 241.664, Length: 4.096"
"12:26:40,3998952","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 245.760, Length: 4.096"
"12:26:40,4012569","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 249.856, Length: 4.096"
"12:26:40,4026233","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 253.952, Length: 4.096"
"12:26:40,4043064","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 258.048, Length: 4.096"
"12:26:40,4059093","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 262.144, Length: 4.096"
"12:26:40,4073148","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 266.240, Length: 4.096"
"12:26:40,4086388","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 270.336, Length: 4.096"
"12:26:40,4099249","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 274.432, Length: 4.096"
"12:26:40,4112465","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 278.528, Length: 4.096"
"12:26:40,4125322","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:40,4147378","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 286.720, Length: 4.096"
"12:26:40,4163827","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 290.816, Length: 4.096"
"12:26:40,4177864","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 294.912, Length: 4.096"
"12:26:40,4191509","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 299.008, Length: 4.096"
"12:26:40,4205159","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 303.104, Length: 4.096"
"12:26:40,4218389","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 307.200, Length: 4.096"
"12:26:40,4234049","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 311.296, Length: 4.096"
"12:26:40,4250507","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 315.392, Length: 4.096"
"12:26:40,4266125","svchost.exe","884","ReadFile","C:\Windows\System32\umpo.dll","SUCCESS","Offset: 147.456, Length: 6.656, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:40,4266956","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 319.488, Length: 4.096"
"12:26:40,4282598","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 323.584, Length: 4.096"
"12:26:40,4285009","svchost.exe","884","ReadFile","C:\Windows\System32\umpo.dll","SUCCESS","Offset: 133.120, Length: 10.240, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:40,4297451","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 327.680, Length: 4.096"
"12:26:40,4301155","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:40,4312412","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:40,4313485","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 331.776, Length: 4.096"
"12:26:40,4320002","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:26:40,4327256","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:40,4328716","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 335.872, Length: 4.096"
"12:26:40,4338680","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:40,4346377","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 339.968, Length: 4.096"
"12:26:40,4350310","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:40,4357555","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:26:40,4362850","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 344.064, Length: 4.096"
"12:26:40,4370043","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:26:40,4380880","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:40,4381290","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 348.160, Length: 4.096"
"12:26:40,4387691","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:40,4394525","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:26:40,4399353","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 352.256, Length: 4.096"
"12:26:40,4400921","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:26:40,4414580","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 356.352, Length: 4.096"
"12:26:40,4428220","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 360.448, Length: 4.096"
"12:26:40,4433953","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.558.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4441987","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.558.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4444254","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 364.544, Length: 4.096"
"12:26:40,4446820","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.558.559, Length: 1.460"
"12:26:40,4454027","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.560.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4458729","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 368.640, Length: 4.096"
"12:26:40,4459224","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.560.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4463646","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.560.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4467271","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.560.019, Length: 5.840"
"12:26:40,4473167","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 372.736, Length: 4.096"
"12:26:40,4475687","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.565.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4487204","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 376.832, Length: 4.096"
"12:26:40,4497006","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.565.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4502436","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 380.928, Length: 4.096"
"12:26:40,4504614","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.565.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4509037","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.565.859, Length: 1.460"
"12:26:40,4516099","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 385.024, Length: 4.096"
"12:26:40,4517037","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.567.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4530542","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 389.120, Length: 4.096"
"12:26:40,4546972","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 393.216, Length: 4.096"
"12:26:40,4556512","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.726.278, Length: 4.096"
"12:26:40,4561014","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 397.312, Length: 4.096"
"12:26:40,4573875","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 401.408, Length: 4.096"
"12:26:40,4588682","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 405.504, Length: 4.096"
"12:26:40,4596081","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.567.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4603130","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 409.600, Length: 4.096"
"12:26:40,4605290","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.567.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4616406","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 413.696, Length: 4.096"
"12:26:40,4618524","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.567.319, Length: 1.460"
"12:26:40,4625760","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.568.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4636046","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 417.792, Length: 4.096"
"12:26:40,4639992","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.024, Length: 4.096"
"12:26:40,4643267","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:40,4650078","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:40,4653278","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 421.888, Length: 4.096"
"12:26:40,4656124","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:40,4664946","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:40,4670152","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 425.984, Length: 4.096"
"12:26:40,4672666","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.568.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4677737","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:40,4680289","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.568.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4684193","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 430.080, Length: 4.096"
"12:26:40,4685532","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.568.779, Length: 5.840"
"12:26:40,4693164","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.574.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4697820","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 434.176, Length: 4.096"
"12:26:40,4710686","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 438.272, Length: 4.096"
"12:26:40,4723916","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 442.368, Length: 4.096"
"12:26:40,4741969","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 446.464, Length: 4.096"
"12:26:40,4758022","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 450.560, Length: 4.096"
"12:26:40,4768285","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.574.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4774069","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 454.656, Length: 4.096"
"12:26:40,4776714","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.574.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4779229","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:40,4782718","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.574.619, Length: 2.920"
"12:26:40,4789725","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 458.752, Length: 4.096"
"12:26:40,4790331","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.577.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4803291","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.243.648, Length: 4.096"
"12:26:40,4803739","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 462.848, Length: 4.096"
"12:26:40,4814925","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:40,4816983","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 466.944, Length: 4.096"
"12:26:40,4831034","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 471.040, Length: 4.096"
"12:26:40,4837779","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.577.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4846685","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 475.136, Length: 4.096"
"12:26:40,4848555","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.577.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4858580","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.577.539, Length: 1.460"
"12:26:40,4861911","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 479.232, Length: 4.096"
"12:26:40,4867001","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.578.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4875150","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 483.328, Length: 4.096"
"12:26:40,4888012","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 487.424, Length: 4.096"
"12:26:40,4901648","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 491.520, Length: 4.096"
"12:26:40,4910413","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.578.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4914882","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 495.616, Length: 4.096"
"12:26:40,4923657","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.578.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4928112","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 499.712, Length: 4.096"
"12:26:40,4938473","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.578.999, Length: 2.920"
"12:26:40,4938870","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 1.714.688, Length: 4.096"
"12:26:40,4943773","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 503.808, Length: 4.096"
"12:26:40,4948923","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.581.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,4957026","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 507.904, Length: 4.096"
"12:26:40,4970232","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 512.000, Length: 4.096"
"12:26:40,4983071","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 516.096, Length: 4.096"
"12:26:40,4997122","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 520.192, Length: 4.096"
"12:26:40,5010379","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 524.288, Length: 4.096"
"12:26:40,5011798","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.581.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5019406","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.581.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5023992","SavService.exe","1536","ReadFile","C:\Windows\System32\wbemcomn.dll","SUCCESS","Offset: 528.384, Length: 1.024"
"12:26:40,5024225","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.581.919, Length: 5.840"
"12:26:40,5035869","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.587.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5038453","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.672.224, Length: 16.200"
"12:26:40,5090664","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.587.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5097862","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.587.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5102303","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.587.759, Length: 2.920"
"12:26:40,5110700","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.590.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5178814","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.590.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5187244","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.590.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5193257","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.590.679, Length: 552"
"12:26:40,5202064","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.591.231, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5267388","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.591.231, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5274988","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.591.231, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5280212","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.591.231, Length: 4.380"
"12:26:40,5287835","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.595.611, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5378802","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.595.611, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5386420","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.595.611, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5391244","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.595.611, Length: 3.828"
"12:26:40,5399258","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.599.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5465539","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.599.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5472326","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.599.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5477159","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.599.439, Length: 1.460"
"12:26:40,5483980","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.600.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5552462","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.600.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5560504","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.600.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5566522","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.600.899, Length: 5.840"
"12:26:40,5575344","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.606.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5577550","SavService.exe","1536","ReadFile","C:\Windows\System32\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:40,5619988","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.606.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5626421","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.606.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5632835","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.606.739, Length: 2.920"
"12:26:40,5639655","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.609.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5710610","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.609.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5718214","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.609.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5724241","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.609.659, Length: 2.920"
"12:26:40,5744706","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.612.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5787363","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.612.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5794598","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.612.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5799833","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.612.579, Length: 552"
"12:26:40,5807031","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.613.131, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5868856","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.613.131, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5876875","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.613.131, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5882888","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.613.131, Length: 2.920"
"12:26:40,5891332","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.616.051, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5951604","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.616.051, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5959217","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.616.051, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,5964446","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.616.051, Length: 5.288"
"12:26:40,5972876","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.621.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6021728","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.621.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6032131","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.621.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6038550","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.621.339, Length: 2.920"
"12:26:40,6052316","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.624.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6083712","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.624.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6091344","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.624.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6096167","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.624.259, Length: 552"
"12:26:40,6102563","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.624.811, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6244920","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.624.811, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6252939","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.624.811, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6258565","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.624.811, Length: 2.920"
"12:26:40,6266972","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.627.731, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6313123","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.627.731, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6319523","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.627.731, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6323927","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.627.731, Length: 3.828"
"12:26:40,6332375","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.631.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6451351","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.631.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6458946","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.631.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6467595","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.631.559, Length: 10.220"
"12:26:40,6479201","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.641.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6521074","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.641.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6533908","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.641.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6540327","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.641.779, Length: 2.920"
"12:26:40,6549946","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.644.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6593960","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.644.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6601592","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.644.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6606780","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.644.699, Length: 552"
"12:26:40,6621236","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.645.251, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6719159","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.645.251, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6726782","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.645.251, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6733210","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.645.251, Length: 2.920"
"12:26:40,6741654","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.648.171, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6807524","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.648.171, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6815529","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.648.171, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6820768","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.648.171, Length: 2.920"
"12:26:40,6827998","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.651.091, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6890533","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.651.091, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6898141","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.651.091, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6903753","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.651.091, Length: 2.368"
"12:26:40,6912160","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.653.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6966936","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.653.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6974573","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.653.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,6979760","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.653.459, Length: 2.920"
"12:26:40,6987803","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.656.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7056933","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.656.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7064957","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.656.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7070966","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.656.379, Length: 552"
"12:26:40,7078588","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.656.931, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7137190","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.656.931, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7145634","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.656.931, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7151246","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.656.931, Length: 4.380"
"12:26:40,7166999","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.661.311, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7246034","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.661.311, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7252835","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.661.311, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7258065","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.661.311, Length: 3.828"
"12:26:40,7266089","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.665.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7403436","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.665.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7411464","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.667.840, EndOfFile: 405.665.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7423108","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.665.139, Length: 2.920, Priority: Normal"
"12:26:40,7472841","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.668.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7479270","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.668.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7484868","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.668.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7488894","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.668.059, Length: 1.460"
"12:26:40,7494888","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.669.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7627859","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.669.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7639102","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.669.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7644331","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.669.519, Length: 1.460"
"12:26:40,7651516","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.670.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7714656","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.670.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7723879","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.670.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7728703","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.670.979, Length: 4.380"
"12:26:40,7741107","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.675.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7790504","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.675.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7797348","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.675.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7802941","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.675.359, Length: 4.380"
"12:26:40,7812155","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.679.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7867589","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.679.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7874838","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.679.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7880021","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.679.739, Length: 3.472"
"12:26:40,7888073","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.683.211, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7967219","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.683.211, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7974431","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.683.211, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,7978868","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.683.211, Length: 5.840"
"12:26:40,7987284","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.689.051, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,8063971","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.689.051, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,8071599","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.689.051, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,8076418","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.689.051, Length: 2.368"
"12:26:40,8083639","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.691.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,8145805","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.691.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,8152630","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.691.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,8157850","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.691.419, Length: 4.380"
"12:26:40,8165472","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.695.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,8258175","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.695.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,8265019","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.695.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,8269815","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.695.799, Length: 11.680"
"12:26:40,8278636","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.707.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:40,8825467","csrss.exe","720","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\SideBySide\PublisherPolicyChangeTime","SUCCESS","Type: REG_QWORD, Length: 8, Data: "
"12:26:41,1267632","svchost.exe","948","ReadFile","C:\Windows\System32\vmictimeprovider.dll","SUCCESS","Offset: 47.616, Length: 2.048, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:41,1310540","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:41,1324974","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,1344231","svchost.exe","948","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","REPARSE","Desired Access: Read"
"12:26:41,1364692","svchost.exe","948","RegOpenKey","HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","NAME NOT FOUND","Desired Access: Read"
"12:26:41,1380366","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:26:41,2103161","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2110383","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2115981","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975910, endtime: 975910, seqnum: 0, connid: 0"
"12:26:41,2170967","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2175767","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2178576","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2181356","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2183796","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2189016","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2193000","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975910, endtime: 975910, seqnum: 0, connid: 0"
"12:26:41,2295014","svchost.exe","884","ReadFile","C:\Windows\System32\umpnpmgr.dll","SUCCESS","Offset: 360.960, Length: 13.312, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:41,2331727","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.707.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,2336075","svchost.exe","884","ReadFile","C:\Windows\System32\umpnpmgr.dll","SUCCESS","Offset: 343.040, Length: 12.800, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:41,2339355","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.707.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,2343772","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.707.479, Length: 2.920"
"12:26:41,2361723","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.710.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,2364541","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:26:41,2377398","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:26:41,2390297","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:26:41,2399524","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:26:41,2420502","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:26:41,2438561","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:41,2447391","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:26:41,2455415","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:26:41,2462226","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:26:41,2468934","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2469476","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:26:41,2475731","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2476282","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:26:41,2479347","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:41,2483093","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:26:41,2484147","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975910, endtime: 975910, seqnum: 0, connid: 0"
"12:26:41,2490711","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:41,2497158","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:41,2502354","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:26:41,2507575","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:41,2526622","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,2532290","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2534613","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:41,2535924","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2539110","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2541554","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2542665","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:26:41,2544353","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2549578","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:41,2550301","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:26:41,2553161","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 975910, endtime: 975910, seqnum: 0, connid: 0"
"12:26:41,2557108","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:26:41,2564324","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:26:41,2588377","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:26:41,2597842","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:26:41,2619511","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:41,2655222","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:41,2661212","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:26:41,2671283","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:41,2678524","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,2685745","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:41,2695737","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,2726662","svchost.exe","884","ReadFile","C:\Windows\System32\umpnpmgr.dll","SUCCESS","Offset: 330.752, Length: 12.288, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:41,2765964","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,2779190","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:41,2789219","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,2810781","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:41,2821613","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,2829245","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,2836061","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:41,2861284","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2861336","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,2867311","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2870138","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:41,2872923","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975911, endtime: 975911, seqnum: 0, connid: 0"
"12:26:41,2882197","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,2894196","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:26:41,2903838","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,2911480","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:41,2923492","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,2931940","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:41,2941163","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,2946761","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2948762","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:41,2953180","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2957187","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2958395","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,2960014","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2963210","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2966037","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,2969619","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,2973627","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975911, endtime: 975911, seqnum: 0, connid: 0"
"12:26:41,2974051","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:41,2982066","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,2988891","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:41,2991564","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.710.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,2998790","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.710.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3004015","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.710.399, Length: 8.760"
"12:26:41,3004943","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,3012169","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:26:41,3020193","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,3023262","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.719.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3027386","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:41,3064646","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,3073467","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:41,3081892","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,3088302","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:41,3095532","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,3101508","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.719.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3101947","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,3107937","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:41,3111137","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.719.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3113955","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,3116768","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.719.159, Length: 9.312"
"12:26:41,3122002","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:41,3126779","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.728.471, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3129232","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,3134840","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:26:41,3140839","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,3145285","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:41,3169594","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,3177646","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:41,3186281","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.728.471, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3188874","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,3200103","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:26:41,3206928","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,3217350","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.728.471, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3220363","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3223792","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.728.471, Length: 2.368"
"12:26:41,3227585","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3232800","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:41,3233794","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.730.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3238431","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975911, endtime: 975911, seqnum: 0, connid: 0"
"12:26:41,3300601","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3306628","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3311041","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3312581","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,3315067","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3319457","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3325811","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:41,3326296","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:41,3331502","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 975911, endtime: 975911, seqnum: 0, connid: 0"
"12:26:41,3333849","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,3339465","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:41,3354785","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,3364017","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,3372036","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:41,3382467","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,3392273","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:41,3409352","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,3416191","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:26:41,3422997","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:41,3429826","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:41,3474354","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.730.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3481948","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.733.376, EndOfFile: 405.730.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3493602","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.730.839, Length: 2.920, Priority: Normal"
"12:26:41,3544795","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.733.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3551620","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.733.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3557629","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.733.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3562485","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.733.759, Length: 8.760"
"12:26:41,3570513","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.742.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3596689","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3603518","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3608314","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:41,3613945","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975911, endtime: 975911, seqnum: 0, connid: 0"
"12:26:41,3676148","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3681363","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3685370","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3688967","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3691057","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.742.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3692564","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3697462","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.742.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3698983","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:41,3702304","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.742.519, Length: 3.472"
"12:26:41,3704208","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 975911, endtime: 975911, seqnum: 0, connid: 0"
"12:26:41,3709913","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.745.991, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,3956654","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3963484","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,3967911","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:41,3973518","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975912, endtime: 975912, seqnum: 0, connid: 0"
"12:26:41,4034093","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,4039309","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,4042537","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,4045350","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,4048153","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,4054572","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:41,4059373","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 975912, endtime: 975912, seqnum: 0, connid: 0"
"12:26:41,4094281","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,4098311","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,4101110","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,4105108","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975912, endtime: 975912, seqnum: 0, connid: 0"
"12:26:41,4226445","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.745.991, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,4240067","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.745.991, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,4245693","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.745.991, Length: 8.208"
"12:26:41,4259795","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.754.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,4308848","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,4316493","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975912, endtime: 975912, seqnum: 0, connid: 0"
"12:26:41,4339352","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:41,4344138","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975912, endtime: 975912, seqnum: 0, connid: 0"
"12:26:41,4453901","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.754.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,4461538","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.754.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,4466753","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.754.199, Length: 3.472"
"12:26:41,4474366","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.757.671, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,4547621","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.757.671, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,4558803","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.757.671, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,4566024","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.757.671, Length: 7.300"
"12:26:41,4575270","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.764.971, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,4639227","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.764.971, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,4647247","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.764.971, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,4658074","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.764.971, Length: 908"
"12:26:41,4662105","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:41,4666882","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.765.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,4671304","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:41,4680541","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:41,4690179","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:41,4699387","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:41,4740789","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.765.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,4749200","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.765.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,4757005","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.765.879, Length: 3.472"
"12:26:41,4767837","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.769.351, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,5315368","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.769.351, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,5321791","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.769.351, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,5326191","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.769.351, Length: 5.840"
"12:26:41,5335824","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.775.191, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,5403219","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.775.191, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,5411229","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.775.191, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,5416454","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.775.191, Length: 2.368"
"12:26:41,5424491","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.777.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,5493342","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.777.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,5510201","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.777.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,5516196","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.777.559, Length: 4.380"
"12:26:41,5524621","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.781.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,5587636","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.781.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,5594050","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.781.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,5598869","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.781.939, Length: 2.920"
"12:26:41,5606091","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.784.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:41,5957108","svchost.exe","964","ReadFile","C:\Windows\System32\rpcss.dll","SUCCESS","Offset: 493.568, Length: 14.336, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:41,5984655","svchost.exe","964","ReadFile","C:\Windows\System32\rpcss.dll","SUCCESS","Offset: 485.376, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:41,6015677","svchost.exe","964","ReadFile","C:\Windows\System32\rpcss.dll","SUCCESS","Offset: 465.408, Length: 11.776, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:41,6042100","svchost.exe","964","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,6052130","svchost.exe","964","RegOpenKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Desired Access: Read"
"12:26:41,6061777","svchost.exe","964","RegQueryKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,6070179","svchost.exe","964","RegOpenKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
"12:26:41,6079019","svchost.exe","964","RegQueryKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,6087458","svchost.exe","964","RegOpenKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\Progid","NAME NOT FOUND","Desired Access: Query Value"
"12:26:41,6096942","svchost.exe","964","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,6112182","svchost.exe","964","RegOpenKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Desired Access: Read"
"12:26:41,6122226","svchost.exe","964","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:41,6128244","svchost.exe","964","RegQueryKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Query: HandleTags, HandleTags: 0x601"
"12:26:41,6136258","svchost.exe","964","RegOpenKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\Progid","NAME NOT FOUND","Desired Access: Query Value"
"12:26:41,6143074","svchost.exe","964","RegCloseKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS",""
"12:26:41,6148695","svchost.exe","964","RegQueryValue","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: Windows Management and Instrumentation"
"12:26:41,6155128","svchost.exe","964","RegQueryValue","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: Windows Management and Instrumentation"
"12:26:41,6161515","svchost.exe","964","RegQueryKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,6167547","svchost.exe","964","RegOpenKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer32","NAME NOT FOUND","Desired Access: Read"
"12:26:41,6173191","svchost.exe","964","RegQueryValue","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\AppID","SUCCESS","Type: REG_SZ, Length: 78, Data: {8BC3F05E-D86B-11D0-A075-00C04FB68820}"
"12:26:41,6182003","svchost.exe","964","RegQueryKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,6188422","svchost.exe","964","RegOpenKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer","NAME NOT FOUND","Desired Access: Query Value"
"12:26:41,6194039","svchost.exe","964","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,6199646","svchost.exe","964","RegOpenKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Desired Access: Read"
"12:26:41,6206065","svchost.exe","964","RegQueryKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,6211290","svchost.exe","964","RegOpenKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\Elevation","NAME NOT FOUND","Desired Access: Read"
"12:26:41,6216921","svchost.exe","964","RegCloseKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS",""
"12:26:41,6222122","svchost.exe","964","RegCloseKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS",""
"12:26:41,6229722","svchost.exe","964","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,6236575","svchost.exe","964","RegOpenKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Desired Access: Read"
"12:26:41,6243357","svchost.exe","964","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:41,6247789","svchost.exe","964","RegQueryKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Query: HandleTags, HandleTags: 0x601"
"12:26:41,6253023","svchost.exe","964","RegOpenKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs","NAME NOT FOUND","Desired Access: Query Value"
"12:26:41,6258631","svchost.exe","964","RegQueryKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Query: HandleTags, HandleTags: 0x601"
"12:26:41,6264247","svchost.exe","964","RegOpenKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\Progid","NAME NOT FOUND","Desired Access: Query Value"
"12:26:41,6269449","svchost.exe","964","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,6274664","svchost.exe","964","RegOpenKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Desired Access: Read"
"12:26:41,6280272","svchost.exe","964","RegSetInfoKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:41,6285100","svchost.exe","964","RegQueryKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Query: HandleTags, HandleTags: 0x100"
"12:26:41,6290329","svchost.exe","964","RegOpenKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\Progid","NAME NOT FOUND","Desired Access: Query Value"
"12:26:41,6295941","svchost.exe","964","RegCloseKey","HKCR\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS",""
"12:26:41,6301143","svchost.exe","964","RegQueryValue","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: Windows Management and Instrumentation"
"12:26:41,6306386","svchost.exe","964","RegQueryValue","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: Windows Management and Instrumentation"
"12:26:41,6312003","svchost.exe","964","RegQueryKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Query: HandleTags, HandleTags: 0x601"
"12:26:41,6317601","svchost.exe","964","RegOpenKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer32","NAME NOT FOUND","Desired Access: Read"
"12:26:41,6322835","svchost.exe","964","RegQueryValue","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\AppID","SUCCESS","Type: REG_SZ, Length: 78, Data: {8BC3F05E-D86B-11D0-A075-00C04FB68820}"
"12:26:41,6330033","svchost.exe","964","RegQueryKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Query: HandleTags, HandleTags: 0x601"
"12:26:41,6335654","svchost.exe","964","RegOpenKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer","NAME NOT FOUND","Desired Access: Query Value"
"12:26:41,6340870","svchost.exe","964","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,6348497","svchost.exe","964","RegOpenKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Desired Access: Read"
"12:26:41,6355705","svchost.exe","964","RegSetInfoKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:41,6366597","svchost.exe","964","RegQueryKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS","Query: HandleTags, HandleTags: 0x601"
"12:26:41,6377835","svchost.exe","964","RegOpenKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\Elevation","NAME NOT FOUND","Desired Access: Read"
"12:26:41,6387445","svchost.exe","964","RegCloseKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS",""
"12:26:41,6393883","svchost.exe","964","RegCloseKey","HKCR\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}","SUCCESS",""
"12:26:41,7506154","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:41,7516203","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:41,7523792","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:41,7532222","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:41,7539467","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:41,7545858","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:41,7551880","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:41,7646566","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:41,7658667","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:41,7709763","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:26:41,7769638","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:41,7788909","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.286.554, Length: 16.200"
"12:26:41,7874773","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\wbem","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:41,7891226","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\wbem\wbemsvc.dll","SUCCESS","Filter: wbemsvc.dll, 1: wbemsvc.dll"
"12:26:41,7904872","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\wbem","SUCCESS",""
"12:26:41,7954218","SavService.exe","1536","CreateFile","C:\Windows\System32\wbem","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:41,7965451","SavService.exe","1536","QueryDirectory","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Filter: wbemsvc.dll, 1: wbemsvc.dll"
"12:26:41,7975476","SavService.exe","1536","CloseFile","C:\Windows\System32\wbem","SUCCESS",""
"12:26:41,8009265","svchost.exe","1528","ReadFile","C:\Windows\System32\dnsrslvr.dll","SUCCESS","Offset: 172.032, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:41,8033756","svchost.exe","1528","ReadFile","C:\Windows\System32\dnsrslvr.dll","SUCCESS","Offset: 158.720, Length: 3.584, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:41,8054091","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:41,8057011","svchost.exe","1528","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:41,8071365","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:41,8077383","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:41,8095442","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:41,8105872","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:41,8115870","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:41,8134068","svchost.exe","1528","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","CreationTime: 14.07.2009 04:34:48, LastAccessTime: 31.07.2013 22:04:45, LastWriteTime: 11.05.2013 14:01:47, ChangeTime: 31.07.2013 22:05:23, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A"
"12:26:41,8149691","svchost.exe","1528","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Offset: 0, Length: 896, Priority: Normal"
"12:26:41,8179374","svchost.exe","1528","ReadFile","C:\Windows\System32\drivers\etc\hosts","END OF FILE","Offset: 896, Length: 4.096"
"12:26:41,8197838","svchost.exe","1528","ReadFile","C:\Windows\System32\drivers\etc\hosts","END OF FILE","Offset: 896, Length: 4.096"
"12:26:41,8209855","svchost.exe","1528","CloseFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
"12:26:41,8212491","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:41,8223318","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:41,8228930","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:41,8248188","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:41,8258609","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:41,8268634","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:41,8274466","svchost.exe","1528","CreateFile","C:\Windows\System32\drivers\etc\hosts.ics","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:41,8307149","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:41,8317192","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:41,8326830","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:41,8336650","svchost.exe","1528","QueryNetworkOpenInformationFile","C:\Windows\System32\drivers\etc\hosts.ics","SUCCESS","CreationTime: 17.05.2013 15:45:22, LastAccessTime: 17.05.2013 15:45:22, LastWriteTime: 17.05.2013 15:59:08, ChangeTime: 17.05.2013 15:59:08, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A"
"12:26:41,8349899","svchost.exe","1528","ReadFile","C:\Windows\System32\drivers\etc\hosts.ics","SUCCESS","Offset: 0, Length: 438, Priority: Normal"
"12:26:41,8364346","svchost.exe","1528","ReadFile","C:\Windows\System32\drivers\etc\hosts.ics","END OF FILE","Offset: 438, Length: 4.096"
"12:26:41,8382278","svchost.exe","1528","CloseFile","C:\Windows\System32\drivers\etc\hosts.ics","SUCCESS",""
"12:26:41,8406672","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:41,8423097","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:26:41,8429213","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:62333 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 43, seqnum: 0, connid: 0"
"12:26:41,8463851","svchost.exe","1528","ReadFile","C:\Windows\System32\mswsock.dll","SUCCESS","Offset: 316.416, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:41,8484493","svchost.exe","1528","ReadFile","C:\Windows\System32\mswsock.dll","SUCCESS","Offset: 312.320, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:41,8486126","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:62333 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 93, seqnum: 0, connid: 0"
"12:26:41,8509787","svchost.exe","1528","ReadFile","C:\Windows\System32\mswsock.dll","SUCCESS","Offset: 291.840, Length: 13.312, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:41,8510958","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:41,8542129","svchost.exe","1528","ReadFile","C:\Windows\System32\mswsock.dll","SUCCESS","Offset: 312.320, Length: 11.776, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:41,8623286","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Offset: 9.216, Length: 4.096"
"12:26:41,8639749","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Offset: 48.128, Length: 4.096"
"12:26:41,8697511","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Offset: 59.392, Length: 4.096"
"12:26:41,8719189","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:41,8965147","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Offset: 51.712, Length: 4.096"
"12:26:41,8978778","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Offset: 1.136, Length: 4.096"
"12:26:41,9301689","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Offset: 5.232, Length: 4.096"
"12:26:41,9646017","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\wbemsvc.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:42,0731721","lsass.exe","780","ReadFile","C:\Windows\System32\samsrv.dll","SUCCESS","Offset: 712.192, Length: 13.824, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:42,0772535","lsass.exe","780","ReadFile","C:\Windows\System32\samsrv.dll","SUCCESS","Offset: 708.096, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:42,0794671","lsass.exe","780","ReadFile","C:\Windows\System32\samsrv.dll","SUCCESS","Offset: 668.672, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:42,0817819","lsass.exe","780","ReadFile","C:\Windows\System32\lsasrv.dll","SUCCESS","Offset: 1.393.664, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:42,0843779","lsass.exe","780","ReadFile","C:\Windows\System32\lsasrv.dll","SUCCESS","Offset: 1.377.280, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:42,0867953","lsass.exe","780","ReadFile","C:\Windows\System32\lsasrv.dll","SUCCESS","Offset: 1.294.336, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:42,0890051","lsass.exe","780","ReadFile","C:\Windows\System32\lsasrv.dll","SUCCESS","Offset: 1.373.184, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:42,0911123","lsass.exe","780","ReadFile","C:\Windows\System32\lsasrv.dll","SUCCESS","Offset: 1.286.144, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:42,0939832","lsass.exe","780","ReadFile","C:\Windows\System32\lsass.exe","SUCCESS","Offset: 27.648, Length: 1.024, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:42,0964211","lsass.exe","780","RegOpenKey","HKLM\SAM\SAM\DOMAINS\Account\Groups\000003E8","NAME NOT FOUND","Desired Access: Read/Write"
"12:26:42,0977450","lsass.exe","780","RegOpenKey","HKLM\SAM\SAM\DOMAINS\Account\Aliases\000003E8","NAME NOT FOUND","Desired Access: Read/Write"
"12:26:42,0985866","lsass.exe","780","RegOpenKey","HKLM\SAM\SAM\DOMAINS\Account\Users\000003E8","SUCCESS","Desired Access: Read/Write"
"12:26:42,0994720","lsass.exe","780","RegQueryValue","HKLM\SAM\SAM\DOMAINS\Account\Users\000003E8\V","SUCCESS","Type: REG_BINARY, Length: 452, Data: 00 00 00 00 BC 00 00 00 02 00 01 00 BC 00 00 00"
"12:26:42,1002347","lsass.exe","780","RegCloseKey","HKLM\SAM\SAM\DOMAINS\Account\Users\000003E8","SUCCESS",""
"12:26:42,1059685","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\wbemcore.dll","SUCCESS","Offset: 980.480, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:42,1084036","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read"
"12:26:42,1098875","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read"
"12:26:42,1109302","svchost.exe","512","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\wmi","NAME NOT FOUND","Length: 532"
"12:26:42,1116537","svchost.exe","512","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS",""
"12:26:42,1124155","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read"
"12:26:42,1133774","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read"
"12:26:42,1142204","svchost.exe","512","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\wmi","NAME NOT FOUND","Length: 532"
"12:26:42,1148632","svchost.exe","512","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS",""
"12:26:42,1157067","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read"
"12:26:42,1165492","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read"
"12:26:42,1173114","svchost.exe","512","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\wmi","NAME NOT FOUND","Length: 532"
"12:26:42,1179897","svchost.exe","512","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS",""
"12:26:42,1187548","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read"
"12:26:42,1195170","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read"
"12:26:42,1202000","svchost.exe","512","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\wmi","NAME NOT FOUND","Length: 532"
"12:26:42,1208396","svchost.exe","512","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS",""
"12:26:42,2023842","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:42,2046789","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,2055238","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:26:42,2062870","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:42,2068897","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:42,2075712","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,2080527","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:26:42,2086932","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:26:42,2093351","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:42,2097372","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,2101766","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:26:42,2106184","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:26:42,2247342","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:42,2257353","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,2263796","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:42,2270196","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:42,2274996","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:42,2279428","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:42,2284653","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:42,2381349","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:42,2393375","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,2466812","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:26:42,2516989","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:42,2543346","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.236.444, Length: 16.200"
"12:26:42,2604723","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\wbem","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:42,2617972","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\wbem\fastprox.dll","SUCCESS","Filter: fastprox.dll, 1: fastprox.dll"
"12:26:42,2633618","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\wbem","SUCCESS",""
"12:26:42,2682577","SavService.exe","1536","CreateFile","C:\Windows\System32\wbem","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:42,2694590","SavService.exe","1536","QueryDirectory","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Filter: fastprox.dll, 1: fastprox.dll"
"12:26:42,2705828","SavService.exe","1536","CloseFile","C:\Windows\System32\wbem","SUCCESS",""
"12:26:42,2811938","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:42,2850354","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:42,2860006","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:42,2884077","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:42,2896915","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:42,2908130","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:42,2987566","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:42,2996793","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:42,3001225","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:42,3017277","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:42,3026906","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:42,3037309","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:42,3057625","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,3076513","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:42,3084924","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:42,3087621","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:42,3102451","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:42,3114095","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:42,3132283","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:42,3184331","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 142.356, Length: 4.096"
"12:26:42,3193148","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 139.264, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,3198699","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3207903","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975921, endtime: 975921, seqnum: 0, connid: 0"
"12:26:42,3233598","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,3260897","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:40, FileAttributes: ANCI"
"12:26:42,3267302","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:42,3276539","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3276558","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:26:42,3280322","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:42,3282557","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3286564","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3288957","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,3290567","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3294173","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3300606","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3302630","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,3303419","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:42,3305817","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975921, endtime: 975921, seqnum: 0, connid: 0"
"12:26:42,3315035","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:42,3317456","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:26:42,3326693","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:42,3346514","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:42,3353736","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,3356791","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,3359348","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:26:42,3366569","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:26:42,3370035","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:42,3373412","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:42,3378231","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,3380457","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:42,3383046","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:26:42,3388243","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:26:42,3389460","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:42,3424158","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,3437421","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:42,3447040","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:42,3464478","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 165.762, Length: 4.096"
"12:26:42,3473710","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 163.840, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,3484757","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,3496792","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:42,3504835","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:42,3547925","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,3553691","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:42,3555977","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:42,3564799","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:42,3566194","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3568568","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 592.896, Length: 4.096"
"12:26:42,3573009","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3574007","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:26:42,3577809","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:42,3578994","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 589.824, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,3580818","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:42,3583053","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975921, endtime: 975921, seqnum: 0, connid: 0"
"12:26:42,3599516","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,3609531","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:42,3613907","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 607.232, Length: 4.096"
"12:26:42,3619165","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:42,3622724","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 606.208, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,3628798","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:26:42,3630986","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,3636817","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:42,3644020","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,3649846","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:40, FileAttributes: ANCI"
"12:26:42,3651642","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3655864","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:42,3656872","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 599.040, Length: 4.096"
"12:26:42,3658075","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3659139","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:42,3662493","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3666482","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3670372","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:42,3670480","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3672532","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 598.016, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,3677715","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:42,3679231","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:26:42,3682128","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 975921, endtime: 975921, seqnum: 0, connid: 0"
"12:26:42,3688967","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:42,3695811","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,3697383","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 605.184, Length: 4.096"
"12:26:42,3703816","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:42,3712250","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:42,3720269","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:26:42,3724678","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3727103","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:42,3730691","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3732958","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,3734679","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3737912","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,3743109","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975921, endtime: 975921, seqnum: 0, connid: 0"
"12:26:42,3751553","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:40, LastWriteTime: 06.10.2013 12:26:40, ChangeTime: 06.10.2013 12:26:40, FileAttributes: DNCI"
"12:26:42,3758387","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:42,3759730","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 611.328, Length: 4.096"
"12:26:42,3768561","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 614.400, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,3831278","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,3844904","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:42,3849737","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:42,3858880","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 615.424, Length: 4.096"
"12:26:42,3911903","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,3924745","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:42,3930754","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:42,3980735","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 619.520, Length: 4.096"
"12:26:42,3998368","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 622.592, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,4013273","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,4027707","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:42,4034937","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:42,4048820","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4055655","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4061267","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975922, endtime: 975922, seqnum: 0, connid: 0"
"12:26:42,4103121","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,4115978","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:42,4121431","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4121594","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:42,4127869","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4132282","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4135879","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4139485","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4145913","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4151940","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975922, endtime: 975922, seqnum: 0, connid: 0"
"12:26:42,4163360","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 623.616, Length: 4.096"
"12:26:42,4216229","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,4231063","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:42,4236041","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 627.712, Length: 4.096"
"12:26:42,4237870","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:42,4280162","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 594.944, Length: 4.096"
"12:26:42,4300199","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 631.808, Length: 4.096"
"12:26:42,4303264","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,4311068","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 601.088, Length: 4.096"
"12:26:42,4315299","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:42,4321737","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:42,4339916","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 633.856, Length: 4.096"
"12:26:42,4391684","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 637.952, Length: 4.096"
"12:26:42,4404886","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,4414510","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4418932","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:42,4422132","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4425333","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:42,4426937","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:42,4433342","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975922, endtime: 975922, seqnum: 0, connid: 0"
"12:26:42,4445061","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 642.048, Length: 4.096"
"12:26:42,4501540","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4505878","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,4506359","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4509596","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4513594","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4517214","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4518740","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:42,4524417","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:42,4526726","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:42,4529245","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 975922, endtime: 975922, seqnum: 0, connid: 0"
"12:26:42,4542083","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 646.144, Length: 4.096"
"12:26:42,4545181","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,4557646","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:42,4577304","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,4583411","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4588202","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4591444","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4593734","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:42,4595036","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4599360","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:42,4600653","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975922, endtime: 975922, seqnum: 0, connid: 0"
"12:26:42,4607599","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 650.240, Length: 4.096"
"12:26:42,4622956","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4644284","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,4660980","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 654.336, Length: 4.096"
"12:26:42,4662459","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:42,4664773","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:42,4670884","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:42,4673585","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:42,4677690","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:42,4686143","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:42,4696294","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win
"
"12:26:42,4696975","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:42,4703940","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:40, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5a00000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:26:42,4711563","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:42,4722876","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 658.432, Length: 4.096"
"12:26:42,4746042","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,4747325","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 596.992, Length: 4.096"
"12:26:42,4762104","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:42,4768905","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:42,4773425","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 603.136, Length: 4.096"
"12:26:42,4774862","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4783306","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975923, endtime: 975923, seqnum: 0, connid: 0"
"12:26:42,4785923","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 660.480, Length: 4.096"
"12:26:42,4815047","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:42,4842691","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4845803","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 664.576, Length: 4.096"
"12:26:42,4849484","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4853925","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4858328","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4862742","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4869963","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4875575","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975923, endtime: 975923, seqnum: 0, connid: 0"
"12:26:42,4902749","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 668.672, Length: 4.096"
"12:26:42,4914532","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,4927230","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4933020","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:40, FileAttributes: ANCI"
"12:26:42,4934041","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,4940614","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:42,4941244","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975923, endtime: 975923, seqnum: 0, connid: 0"
"12:26:42,4958635","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 672.768, Length: 4.096"
"12:26:42,4961901","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,4980598","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:42,4993432","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:42,5009983","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 676.864, Length: 4.096"
"12:26:42,5037590","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,5051599","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:42,5060850","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:42,5063756","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 680.960, Length: 4.096"
"12:26:42,5096561","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,5108200","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:42,5114054","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 685.056, Length: 4.096"
"12:26:42,5117437","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:42,5155550","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,5159781","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,5168752","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:42,5169008","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975923, endtime: 975923, seqnum: 0, connid: 0"
"12:26:42,5177988","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:42,5212327","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,5217963","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,5221974","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,5225595","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:42,5230787","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975923, endtime: 975923, seqnum: 0, connid: 0"
"12:26:42,5251033","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,5265060","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:40, FileAttributes: ANCI"
"12:26:42,5269492","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:42,5332442","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,5347855","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:40, LastWriteTime: 06.10.2013 12:26:40, ChangeTime: 06.10.2013 12:26:40, FileAttributes: DNCI"
"12:26:42,5355473","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:42,5386500","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 703.488, Length: 4.096"
"12:26:42,5402132","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 584.704, Length: 4.096"
"12:26:42,5412964","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 581.632, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,5426917","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,5440945","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:42,5446543","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:42,5473945","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 707.584, Length: 4.096"
"12:26:42,5526375","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,5542423","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:42,5548468","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:42,5549751","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 711.680, Length: 4.096"
"12:26:42,5610648","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,5622259","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:42,5626715","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:42,5648071","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 586.752, Length: 4.096"
"12:26:42,5686576","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 904.704, Length: 4.096"
"12:26:42,5688899","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,5695421","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 901.120, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,5700519","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:42,5704942","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:42,5741310","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:42,5755371","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 142.336, Length: 4.096"
"12:26:42,5763082","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,5775948","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:42,5780370","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:42,5821539","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 396.288, Length: 4.096"
"12:26:42,5831965","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 393.216, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,5848437","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,5865684","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:42,5872513","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:42,5908602","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 1.024, Length: 4.096"
"12:26:42,5925452","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 846.848, Length: 4.096"
"12:26:42,5954757","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,5968790","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:42,5975223","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:42,6042604","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 142.356, Length: 4.096"
"12:26:42,6050646","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:42,6057126","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,6070701","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 848.384, Length: 4.096"
"12:26:42,6071965","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:42,6077587","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:42,6079532","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 851.968, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,6096027","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,6109271","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:42,6110316","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 142.356, Length: 4.096"
"12:26:42,6128552","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,6152539","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:42,6165662","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:42,6216202","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,6236271","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:42,6244300","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:42,6264765","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:26:42,6272803","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:40, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5a00000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:26:42,6281610","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:42,6337786","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:26:42,6428852","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 146.452, Length: 4.096"
"12:26:42,6438896","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 147.456, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,6445720","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,6460126","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:40, FileAttributes: ANCI"
"12:26:42,6465360","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:42,6470711","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 150.548, Length: 4.096"
"12:26:42,6482317","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 151.552, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,6485420","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,6498645","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:42,6508707","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:42,6514408","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 154.644, Length: 4.096"
"12:26:42,6523267","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 155.648, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,6558679","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,6575552","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:42,6587961","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:42,6634112","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,6647766","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:42,6657777","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:42,6698316","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,6710347","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 504.832, Length: 4.096"
"12:26:42,6711117","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:42,6720372","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:42,6720755","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 503.808, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,6779660","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 265.216, Length: 4.096"
"12:26:42,6789699","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 262.144, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,6790189","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,6804137","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:40, FileAttributes: ANCI"
"12:26:42,6814167","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:42,6815772","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 502.784, Length: 4.096"
"12:26:42,6824607","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 499.712, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,6848277","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 267.264, Length: 4.096"
"12:26:42,6856707","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 270.336, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,6891587","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,6904033","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:40, LastWriteTime: 06.10.2013 12:26:40, ChangeTime: 06.10.2013 12:26:40, FileAttributes: DNCI"
"12:26:42,6909253","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:42,6971037","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,6982275","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:42,6987061","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:42,7046036","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,7058496","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:42,7064094","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:42,7121068","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,7133887","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:42,7139121","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:42,7196911","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,7208532","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:42,7213337","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:42,7296677","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,7311908","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:42,7318337","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:42,7397488","SavService.exe","1536","ReadFile","C:\Windows\System32\wbem\fastprox.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:42,7403482","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,7417491","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:42,7423523","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:42,7494958","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,7508169","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:42,7514197","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:42,7581601","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,7594038","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:42,7600891","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:42,7623759","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,7648875","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:42,7674537","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,7692605","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:42,7698226","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:42,7745968","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,7761619","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:40, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:42,7771639","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:42,7778459","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:42,7799088","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:42,7805922","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:26:42,7817958","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:42,8404087","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:42,8487572","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,8502794","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:40, LastWriteTime: 06.10.2013 12:26:40, ChangeTime: 06.10.2013 12:26:40, FileAttributes: DNCI"
"12:26:42,8508425","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:42,8525284","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,8539321","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:42,8550144","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:42,8588238","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,8599905","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:42,8610336","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:42,8653632","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,8667692","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:42,8677722","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:42,8705824","svchost.exe","512","Thread Create","","SUCCESS","Thread ID: 8948"
"12:26:42,8719464","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,8733100","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:42,8741912","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:42,8805688","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,8818960","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:40, LastWriteTime: 06.10.2013 12:26:40, ChangeTime: 06.10.2013 12:26:40, FileAttributes: DNCI"
"12:26:42,8824152","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:42,8845140","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\wbemcore.dll","SUCCESS","Offset: 972.288, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:42,8885772","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.031.616, Length: 8.192"
"12:26:42,8891561","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,8900611","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.031.616, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,8903592","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:40, LastWriteTime: 06.10.2013 12:26:40, ChangeTime: 06.10.2013 12:26:40, FileAttributes: DNCI"
"12:26:42,8908392","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:42,8971416","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,8983457","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:42,8988257","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:42,9000801","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.777.664, Length: 8.192"
"12:26:42,9014852","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.777.664, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:42,9048025","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,9058867","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:42,9063284","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:42,9126280","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,9140952","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:42,9150739","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:42,9218540","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,9233804","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:42,9240218","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:42,9304390","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,9318026","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:42,9322863","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:42,9352696","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\WmiPrvSD.dll","SUCCESS","Offset: 643.072, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:42,9375699","svchost.exe","512","Thread Create","","SUCCESS","Thread ID: 8844"
"12:26:42,9385841","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,9398264","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:42,9404291","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:42,9468477","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,9479323","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:42,9484926","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:42,9561362","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,9575413","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:42,9581020","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:42,9598280","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,9610699","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:42,9629802","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:42,9631150","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,9639855","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,9646824","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:42,9647463","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:42,9652847","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:42,9655907","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:42,9662312","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:42,9668736","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:42,9692947","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,9709377","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:26:42,9716198","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:26:42,9739369","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:26:42,9755836","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:26:42,9767872","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:26:42,9775471","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:42,9787642","svchost.exe","512","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:42,9796883","svchost.exe","512","RegCreateKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:42,9797541","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:42,9808942","svchost.exe","512","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,9813174","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:42,9815739","svchost.exe","512","RegOpenKey","HKCR\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}\InProcServer32","SUCCESS","Desired Access: Read"
"12:26:42,9819630","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:42,9828176","svchost.exe","512","RegSetInfoKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:42,9837007","svchost.exe","512","RegCloseKey","HKCR","SUCCESS",""
"12:26:42,9842237","svchost.exe","512","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\(Default)","SUCCESS","Type: REG_EXPAND_SZ, Length: 78, Data: %systemroot%\system32\wbem\wmiprov.dll"
"12:26:42,9848637","svchost.exe","512","RegCloseKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32","SUCCESS",""
"12:26:42,9857067","svchost.exe","512","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:42,9865104","svchost.exe","512","RegCreateKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:42,9868561","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:42,9874336","svchost.exe","512","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,9879958","svchost.exe","512","RegOpenKey","HKCR\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}\LocalServer32","NAME NOT FOUND","Desired Access: Read"
"12:26:42,9886344","svchost.exe","512","RegCloseKey","HKCR","SUCCESS",""
"12:26:42,9894396","svchost.exe","512","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:42,9900414","svchost.exe","512","RegCreateKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:42,9908270","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:42,9908839","svchost.exe","512","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,9914432","svchost.exe","512","RegOpenKey","HKCR\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}\InProcServer32","SUCCESS","Desired Access: Read"
"12:26:42,9920464","svchost.exe","512","RegSetInfoKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:42,9925283","svchost.exe","512","RegCloseKey","HKCR","SUCCESS",""
"12:26:42,9931707","svchost.exe","512","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
"12:26:42,9938503","svchost.exe","512","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\Synchronization","NAME NOT FOUND","Length: 144"
"12:26:42,9943336","svchost.exe","512","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\(Default)","SUCCESS","Type: REG_EXPAND_SZ, Length: 78, Data: %systemroot%\system32\wbem\wmiprov.dll"
"12:26:42,9948939","svchost.exe","512","RegCloseKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32","SUCCESS",""
"12:26:42,9956982","svchost.exe","512","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:42,9963004","svchost.exe","512","RegCreateKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:42,9972208","svchost.exe","512","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:42,9977447","svchost.exe","512","RegOpenKey","HKCR\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}\LocalServer32","NAME NOT FOUND","Desired Access: Read"
"12:26:42,9983064","svchost.exe","512","RegCloseKey","HKCR","SUCCESS",""
"12:26:42,9990280","svchost.exe","512","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:42,9996298","svchost.exe","512","RegCreateKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,0002675","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,0004303","svchost.exe","512","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,0009519","svchost.exe","512","RegOpenKey","HKCR\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}","SUCCESS","Desired Access: Read"
"12:26:43,0015518","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:43,0016759","svchost.exe","512","RegSetInfoKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:43,0020738","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:43,0021974","svchost.exe","512","RegCloseKey","HKCR","SUCCESS",""
"12:26:43,0026784","svchost.exe","512","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\(Default)","SUCCESS","Type: REG_SZ, Length: 44, Data: WDM Instance Provider"
"12:26:43,0033198","svchost.exe","512","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\AppId","NAME NOT FOUND","Length: 144"
"12:26:43,0045635","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,0048803","svchost.exe","512","RegCloseKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}","SUCCESS",""
"12:26:43,0061272","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:43,0072515","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:43,0113044","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,0125882","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:43,0141902","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:43,0178835","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,0190857","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:43,0198899","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:43,0237003","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,0250643","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:43,0260673","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:43,0344107","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,0357336","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:43,0366046","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:43,0453533","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,0468359","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:43,0475170","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:43,0547790","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,0561453","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:43,0568241","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:43,0630440","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,0643296","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:43,0649706","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:43,0711872","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,0722737","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:43,0727527","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:43,0787729","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,0798566","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:43,0803357","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:43,0862360","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,0872502","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\WmiPrvSD.dll","SUCCESS","Offset: 723.968, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:43,0873551","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:43,0877983","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:43,0906953","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,0918984","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,0926592","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:43,0936613","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:43,0939762","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,0942663","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:43,0949483","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:43,0954685","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:43,0965097","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:43,1019053","svchost.exe","512","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:43,1029078","svchost.exe","512","RegCreateKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,1039747","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,1043493","svchost.exe","512","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,1049949","svchost.exe","512","RegOpenKey","HKCR\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}\InProcServer32","SUCCESS","Desired Access: Read"
"12:26:43,1052580","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:43,1057786","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:43,1058700","svchost.exe","512","RegSetInfoKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:43,1069131","svchost.exe","512","RegCloseKey","HKCR","SUCCESS",""
"12:26:43,1073834","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,1075961","svchost.exe","512","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\(Default)","SUCCESS","Type: REG_EXPAND_SZ, Length: 78, Data: %systemroot%\system32\wbem\wmiprov.dll"
"12:26:43,1083570","svchost.exe","512","RegCloseKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32","SUCCESS",""
"12:26:43,1085879","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:43,1094826","svchost.exe","512","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:43,1102836","svchost.exe","512","RegCreateKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,1103946","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,1114461","svchost.exe","512","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,1119975","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:43,1120502","svchost.exe","512","RegOpenKey","HKCR\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}\LocalServer32","NAME NOT FOUND","Desired Access: Read"
"12:26:43,1125578","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:43,1128909","svchost.exe","512","RegCloseKey","HKCR","SUCCESS",""
"12:26:43,1139759","svchost.exe","512","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:43,1154459","svchost.exe","512","RegCreateKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,1162926","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,1169704","svchost.exe","512","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,1177331","svchost.exe","512","RegOpenKey","HKCR\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}\InProcServer32","SUCCESS","Desired Access: Read"
"12:26:43,1178157","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:26:43,1184553","svchost.exe","512","RegSetInfoKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:43,1184977","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:26:43,1190188","svchost.exe","512","RegCloseKey","HKCR","SUCCESS",""
"12:26:43,1195394","svchost.exe","512","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
"12:26:43,1201407","svchost.exe","512","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\Synchronization","NAME NOT FOUND","Length: 144"
"12:26:43,1206492","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:26:43,1207425","svchost.exe","512","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\(Default)","SUCCESS","Type: REG_EXPAND_SZ, Length: 78, Data: %systemroot%\system32\wbem\wmiprov.dll"
"12:26:43,1213056","svchost.exe","512","RegCloseKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32","SUCCESS",""
"12:26:43,1220161","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:43,1222685","svchost.exe","512","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:43,1230713","svchost.exe","512","RegCreateKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,1242310","svchost.exe","512","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,1249144","svchost.exe","512","RegOpenKey","HKCR\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}\LocalServer32","NAME NOT FOUND","Desired Access: Read"
"12:26:43,1257182","svchost.exe","512","RegCloseKey","HKCR","SUCCESS",""
"12:26:43,1267585","svchost.exe","512","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:43,1275222","svchost.exe","512","RegCreateKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,1289557","svchost.exe","512","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,1299163","svchost.exe","512","RegOpenKey","HKCR\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}","SUCCESS","Desired Access: Read"
"12:26:43,1307205","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:26:43,1308395","svchost.exe","512","RegSetInfoKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:43,1315247","svchost.exe","512","RegCloseKey","HKCR","SUCCESS",""
"12:26:43,1321261","svchost.exe","512","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\(Default)","SUCCESS","Type: REG_SZ, Length: 44, Data: WDM Instance Provider"
"12:26:43,1327278","svchost.exe","512","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\AppId","NAME NOT FOUND","Length: 144"
"12:26:43,1334901","svchost.exe","512","RegCloseKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}","SUCCESS",""
"12:26:43,1528788","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:43,1593393","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,1605410","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:40, LastWriteTime: 06.10.2013 12:26:40, ChangeTime: 06.10.2013 12:26:40, FileAttributes: DNCI"
"12:26:43,1611433","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:43,1627905","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,1653427","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:43,1665482","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:43,1709612","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,1723267","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:43,1735457","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:43,1791217","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,1804848","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:43,1814076","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:43,1854190","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,1867448","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:43,1877473","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:43,1878672","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,1889495","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,1897934","svchost.exe","512","RegOpenKey","HKLM\system\currentcontrolset\control\minint","REPARSE","Desired Access: Read"
"12:26:43,1908365","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\control\minint","NAME NOT FOUND","Desired Access: Read"
"12:26:43,1921007","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:43,1945769","PrintIsolationHost.exe","9596","Thread Exit","","SUCCESS","Thread ID: 9600, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:26:43,1950070","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:43,1977850","wmiprvse.exe","3952","Thread Create","","SUCCESS","Thread ID: 6268"
"12:26:43,2009474","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,2021108","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:40, LastWriteTime: 06.10.2013 12:26:40, ChangeTime: 06.10.2013 12:26:40, FileAttributes: DNCI"
"12:26:43,2025918","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:43,2064008","PrintIsolationHost.exe","9596","Thread Exit","","SUCCESS","Thread ID: 9680, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:26:43,2087277","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,2100120","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:43,2104551","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:43,2165528","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,2177139","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:43,2181580","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:43,2264962","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,2278570","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:43,2282120","wmiprvse.exe","3952","Thread Create","","SUCCESS","Thread ID: 8816"
"12:26:43,2283795","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:43,2359018","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,2374268","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:43,2380262","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:43,2446482","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,2459315","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:43,2464134","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:43,2476846","svchost.exe","512","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:43,2488467","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,2498898","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,2506539","svchost.exe","512","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,2517338","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:43,2525526","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,2526197","svchost.exe","512","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,2536633","svchost.exe","512","RegOpenKey","HKCR\Clsid\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\Implemented Categories\{00000003-0000-0000-C000-000000000046}","SUCCESS","Desired Access: Read"
"12:26:43,2538751","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:43,2543952","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:43,2550250","svchost.exe","512","RegCloseKey","HKCR","SUCCESS",""
"12:26:43,2558680","svchost.exe","512","RegCloseKey","HKCR\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\Implemented Categories\{00000003-0000-0000-C000-000000000046}","SUCCESS",""
"12:26:43,2591978","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,2600403","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,2604942","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,2607238","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:43,2615261","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:43,2615793","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:43,2620220","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:43,2622469","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:43,2631314","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:43,2678374","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,2689216","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:43,2695630","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:43,2704871","wmiprvse.exe","3952","ReadFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","Offset: 354.816, Length: 12.800, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:43,2711267","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,2722911","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:43,2727618","wmiprvse.exe","3952","ReadFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","Offset: 350.720, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:43,2742182","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,2749049","wmiprvse.exe","3952","ReadFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","Offset: 314.368, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:43,2757413","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:43,2762638","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:43,2772421","wmiprvse.exe","3952","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,2784447","wmiprvse.exe","3952","RegOpenKey","HKCR\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}\InProcServer32","SUCCESS","Desired Access: Read"
"12:26:43,2796469","wmiprvse.exe","3952","RegSetInfoKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:43,2800737","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:26:43,2805701","wmiprvse.exe","3952","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\(Default)","SUCCESS","Type: REG_EXPAND_SZ, Length: 78, Data: %systemroot%\system32\wbem\wmiprov.dll"
"12:26:43,2817335","wmiprvse.exe","3952","RegCloseKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32","SUCCESS",""
"12:26:43,2831806","wmiprvse.exe","3952","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,2846781","wmiprvse.exe","3952","RegOpenKey","HKCR\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}\LocalServer32","NAME NOT FOUND","Desired Access: Read"
"12:26:43,2858816","wmiprvse.exe","3952","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,2866854","wmiprvse.exe","3952","RegOpenKey","HKCR\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}\InProcServer32","SUCCESS","Desired Access: Read"
"12:26:43,2875289","wmiprvse.exe","3952","RegSetInfoKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:43,2881703","wmiprvse.exe","3952","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\ThreadingModel","SUCCESS","Type: REG_SZ, Length: 10, Data: Both"
"12:26:43,2888896","wmiprvse.exe","3952","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\Synchronization","NAME NOT FOUND","Length: 144"
"12:26:43,2894532","wmiprvse.exe","3952","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\(Default)","SUCCESS","Type: REG_EXPAND_SZ, Length: 78, Data: %systemroot%\system32\wbem\wmiprov.dll"
"12:26:43,2901347","wmiprvse.exe","3952","RegCloseKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32","SUCCESS",""
"12:26:43,2907388","wmiprvse.exe","3952","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,2914185","wmiprvse.exe","3952","RegOpenKey","HKCR\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}\LocalServer32","NAME NOT FOUND","Desired Access: Read"
"12:26:43,2920609","wmiprvse.exe","3952","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,2926632","wmiprvse.exe","3952","RegOpenKey","HKCR\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}","SUCCESS","Desired Access: Read"
"12:26:43,2936265","wmiprvse.exe","3952","RegSetInfoKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:43,2942255","wmiprvse.exe","3952","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\(Default)","SUCCESS","Type: REG_SZ, Length: 44, Data: WDM Instance Provider"
"12:26:43,2947913","wmiprvse.exe","3952","RegQueryValue","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\AppId","NAME NOT FOUND","Length: 144"
"12:26:43,2953926","wmiprvse.exe","3952","RegCloseKey","HKCR\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}","SUCCESS",""
"12:26:43,2996341","svchost.exe","512","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:43,3006762","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,3013097","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:26:43,3016377","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,3025049","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:26:43,3025623","svchost.exe","512","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,3035639","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:43,3042449","svchost.exe","512","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,3049270","svchost.exe","512","RegOpenKey","HKCR\Clsid\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\Implemented Categories\{00000003-0000-0000-C000-000000000046}","SUCCESS","Desired Access: Read"
"12:26:43,3054350","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,3057312","svchost.exe","512","RegCloseKey","HKCR","SUCCESS",""
"12:26:43,3061534","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,3063335","svchost.exe","512","RegCloseKey","HKCR\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\Implemented Categories\{00000003-0000-0000-C000-000000000046}","SUCCESS",""
"12:26:43,3067566","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:26:43,3090438","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:43,3096862","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:43,3103300","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:26:43,3168675","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:43,3270353","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,3284782","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:40, FileAttributes: ANCI"
"12:26:43,3290002","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:43,3307659","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,3320082","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:43,3330910","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:43,3387300","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,3401361","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:43,3411404","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:43,3450306","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,3462346","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:43,3470757","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:43,3505689","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,3517323","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:43,3525338","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:43,3608015","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,3622472","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:40, FileAttributes: ANCI"
"12:26:43,3628061","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:43,3695885","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,3708691","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: DNCI"
"12:26:43,3714713","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:43,3802383","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,3816424","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:43,3821654","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:43,3888246","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,3899886","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:43,3904686","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:43,3964081","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,3975076","wmiprvse.exe","3952","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,3976723","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:43,3985526","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:43,3986692","wmiprvse.exe","3952","RegCreateKey","HKLM\Software\Microsoft\WBEM\CIMOM","SUCCESS","Desired Access: Read/Write"
"12:26:43,4002357","wmiprvse.exe","3952","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WBEM\CIMOM\Logging","SUCCESS","Type: REG_SZ, Length: 4, Data: 0"
"12:26:43,4010381","wmiprvse.exe","3952","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WBEM\CIMOM\Log File Max Size","SUCCESS","Type: REG_SZ, Length: 12, Data: 65536"
"12:26:43,4018787","wmiprvse.exe","3952","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\WBEM\CIMOM","SUCCESS",""
"12:26:43,4058538","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,4071385","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:43,4076610","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:43,4108295","lsass.exe","780","RegOpenKey","HKLM\SAM\SAM\DOMAINS\Account\Groups\000003E8","NAME NOT FOUND","Desired Access: Read/Write"
"12:26:43,4119155","lsass.exe","780","RegOpenKey","HKLM\SAM\SAM\DOMAINS\Account\Aliases\000003E8","NAME NOT FOUND","Desired Access: Read/Write"
"12:26:43,4130365","lsass.exe","780","RegOpenKey","HKLM\SAM\SAM\DOMAINS\Account\Users\000003E8","SUCCESS","Desired Access: Read/Write"
"12:26:43,4141607","lsass.exe","780","RegQueryValue","HKLM\SAM\SAM\DOMAINS\Account\Users\000003E8\V","SUCCESS","Type: REG_BINARY, Length: 452, Data: 00 00 00 00 BC 00 00 00 02 00 01 00 BC 00 00 00"
"12:26:43,4142601","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,4150424","lsass.exe","780","RegCloseKey","HKLM\SAM\SAM\DOMAINS\Account\Users\000003E8","SUCCESS",""
"12:26:43,4163048","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:43,4169079","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:43,4241303","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,4253735","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:43,4259371","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:43,4295702","wmiprvse.exe","3952","CreateFile","C:\Windows\System32\wbem\wbemprox.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,4325730","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,4336842","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4338246","wmiprvse.exe","3952","QueryBasicInformationFile","C:\Windows\System32\wbem\wbemprox.dll","SUCCESS","CreationTime: 14.07.2009 01:46:59, LastAccessTime: 14.07.2009 01:46:59, LastWriteTime: 14.07.2009 03:41:56, ChangeTime: 11.05.2013 14:09:02, FileAttributes: A"
"12:26:43,4343816","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:43,4345701","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975932, endtime: 975932, seqnum: 0, connid: 0"
"12:26:43,4349886","wmiprvse.exe","3952","CloseFile","C:\Windows\System32\wbem\wbemprox.dll","SUCCESS",""
"12:26:43,4351061","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:43,4397837","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4403846","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4407862","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4411496","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4415489","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4418648","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,4420733","wmiprvse.exe","3952","CreateFile","C:\Windows\System32\wbem\wbemprox.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,4421922","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4427115","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975932, endtime: 975932, seqnum: 0, connid: 0"
"12:26:43,4434285","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:43,4447547","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:43,4462443","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4467663","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4468820","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,4471665","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4476480","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975932, endtime: 975932, seqnum: 0, connid: 0"
"12:26:43,4478094","wmiprvse.exe","3952","QueryNetworkOpenInformationFile","C:\Windows\System32\wbem\wbemprox.dll","SUCCESS","CreationTime: 14.07.2009 01:46:59, LastAccessTime: 14.07.2009 01:46:59, LastWriteTime: 14.07.2009 03:41:56, ChangeTime: 11.05.2013 14:09:02, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A"
"12:26:43,4483645","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:43,4491729","wmiprvse.exe","3952","CreateFileMapping","C:\Windows\System32\wbem\wbemprox.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
"12:26:43,4507707","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,4532180","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:43,4533845","wmiprvse.exe","3952","CreateFileMapping","C:\Windows\System32\wbem\wbemprox.dll","SUCCESS","SyncType: SyncTypeOther"
"12:26:43,4540600","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:43,4597541","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,4598759","wmiprvse.exe","3952","Load Image","C:\Windows\System32\wbem\wbemprox.dll","SUCCESS","Image Base: 0x7fef57a0000, Image Size: 0xf000"
"12:26:43,4610374","wmiprvse.exe","3952","CloseFile","C:\Windows\System32\wbem\wbemprox.dll","SUCCESS",""
"12:26:43,4621622","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:40, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:43,4643277","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:43,4652103","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:43,4660365","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:43,4670427","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:43,4671351","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:26:43,4674164","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4678511","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:43,4679785","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:26:43,4680993","wmiprvse.exe","3952","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read"
"12:26:43,4682565","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975932, endtime: 975932, seqnum: 0, connid: 0"
"12:26:43,4689829","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:43,4690939","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:43,4693453","wmiprvse.exe","3952","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read"
"12:26:43,4697045","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:39, LastWriteTime: 06.10.2013 12:26:39, ChangeTime: 06.10.2013 12:26:40, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:43,4702830","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:43,4703861","wmiprvse.exe","3952","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 20, Data: Error3725"
"12:26:43,4712305","wmiprvse.exe","3952","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS",""
"12:26:43,4721513","wmiprvse.exe","3952","RegOpenKey","HKLM\Software\Policies\Microsoft\System\DNSclient","NAME NOT FOUND","Desired Access: Read"
"12:26:43,4730344","wmiprvse.exe","3952","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read"
"12:26:43,4731147","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4738331","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4739166","wmiprvse.exe","3952","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read"
"12:26:43,4742375","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4746373","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4747208","wmiprvse.exe","3952","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:26:43,4751178","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4754817","wmiprvse.exe","3952","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS",""
"12:26:43,4756417","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 975932, endtime: 975932, seqnum: 0, connid: 0"
"12:26:43,4764044","wmiprvse.exe","3952","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read"
"12:26:43,4771671","wmiprvse.exe","3952","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read"
"12:26:43,4778888","wmiprvse.exe","3952","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 20, Data: Error3725"
"12:26:43,4786917","wmiprvse.exe","3952","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS",""
"12:26:43,4794926","wmiprvse.exe","3952","RegOpenKey","HKLM\Software\Policies\Microsoft\System\DNSclient","NAME NOT FOUND","Desired Access: Read"
"12:26:43,4795328","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:43,4802181","wmiprvse.exe","3952","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read"
"12:26:43,4809369","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4809397","wmiprvse.exe","3952","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read"
"12:26:43,4815415","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4816614","wmiprvse.exe","3952","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:26:43,4819800","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4823840","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4824615","wmiprvse.exe","3952","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS",""
"12:26:43,4827847","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,4833436","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 975933, endtime: 975933, seqnum: 0, connid: 0"
"12:26:43,4894198","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,4908230","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: ANCI"
"12:26:43,4913455","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:43,4931905","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,4944757","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:43,4955193","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:43,4991286","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,5003713","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:43,5013752","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:43,5015730","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5024967","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975933, endtime: 975933, seqnum: 0, connid: 0"
"12:26:43,5053881","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,5066709","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:43,5075927","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:43,5087548","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5094359","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5098800","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5103190","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5107607","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5112454","svchost.exe","512","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:43,5115235","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,5115654","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5121654","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975933, endtime: 975933, seqnum: 0, connid: 0"
"12:26:43,5124462","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,5129290","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:43,5138942","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:43,5140136","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,5149364","svchost.exe","512","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,5159771","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:43,5166587","svchost.exe","512","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,5170599","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5174228","svchost.exe","512","RegOpenKey","HKCR\Clsid\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\Implemented Categories\{00000003-0000-0000-C000-000000000046}","SUCCESS","Desired Access: Read"
"12:26:43,5176607","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5181020","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5183460","svchost.exe","512","RegCloseKey","HKCR","SUCCESS",""
"12:26:43,5185065","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5189889","svchost.exe","512","RegCloseKey","HKCR\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\Implemented Categories\{00000003-0000-0000-C000-000000000046}","SUCCESS",""
"12:26:43,5191060","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975933, endtime: 975933, seqnum: 0, connid: 0"
"12:26:43,5209533","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read"
"12:26:43,5209934","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,5217967","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read"
"12:26:43,5223565","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: ANCI"
"12:26:43,5226369","svchost.exe","512","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\wmi","NAME NOT FOUND","Length: 532"
"12:26:43,5228804","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:43,5235997","svchost.exe","512","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS",""
"12:26:43,5244852","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read"
"12:26:43,5253678","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read"
"12:26:43,5263269","svchost.exe","512","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\wmi","NAME NOT FOUND","Length: 532"
"12:26:43,5271694","svchost.exe","512","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS",""
"12:26:43,5279340","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read"
"12:26:43,5286967","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read"
"12:26:43,5292603","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,5294977","svchost.exe","512","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\wmi","NAME NOT FOUND","Length: 532"
"12:26:43,5301018","svchost.exe","512","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS",""
"12:26:43,5304209","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: DNCI"
"12:26:43,5307437","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read"
"12:26:43,5308650","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:43,5314645","svchost.exe","512","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read"
"12:26:43,5322682","svchost.exe","512","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\wmi","NAME NOT FOUND","Length: 532"
"12:26:43,5334984","svchost.exe","512","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS",""
"12:26:43,5348349","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5355939","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975933, endtime: 975933, seqnum: 0, connid: 0"
"12:26:43,5370014","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,5382469","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:43,5388482","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:43,5409321","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5415339","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5419738","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5423768","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5427780","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5435408","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5441407","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975933, endtime: 975933, seqnum: 0, connid: 0"
"12:26:43,5453475","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,5465879","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:43,5471113","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:43,5490324","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5495964","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5499966","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5503568","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5508788","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975933, endtime: 975933, seqnum: 0, connid: 0"
"12:26:43,5532925","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,5544942","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:43,5549751","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:43,5607523","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,5617968","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:43,5622385","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:43,5680940","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,5692169","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:43,5694404","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5696601","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:43,5697207","wmiprvse.exe","3952","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:43,5701219","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5706430","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975933, endtime: 975933, seqnum: 0, connid: 0"
"12:26:43,5709215","wmiprvse.exe","3952","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,5718979","wmiprvse.exe","3952","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:43,5736911","wmiprvse.exe","3952","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,5745733","wmiprvse.exe","3952","RegOpenKey","HKCR\Interface\{49353C93-516B-11D1-AEA6-00C04FB68820}","NAME NOT FOUND","Desired Access: Read"
"12:26:43,5756192","wmiprvse.exe","3952","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:43,5756770","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,5758212","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5763012","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5765829","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5766221","wmiprvse.exe","3952","RegOpenKey","HKCR\Wow6432Node\Interface\{49353C93-516B-11D1-AEA6-00C04FB68820}","NAME NOT FOUND","Desired Access: Read"
"12:26:43,5767616","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:43,5768633","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5771050","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5773233","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:43,5776648","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,5777464","wmiprvse.exe","3952","RegCloseKey","HKCR","SUCCESS",""
"12:26:43,5780669","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975933, endtime: 975934, seqnum: 0, connid: 0"
"12:26:43,5835413","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,5847033","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:43,5851875","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:43,5909623","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,5920068","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:43,5924491","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:43,5943328","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,5955774","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:43,5973837","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,5988662","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:43,5993878","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:43,6032383","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,6051654","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:43,6062467","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:26:43,6070104","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:26:43,6088652","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:26:43,6099508","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: ANCI"
"12:26:43,6119586","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,6127997","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:43,6133203","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:43,6138829","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975934, endtime: 975934, seqnum: 0, connid: 0"
"12:26:43,6139641","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:26:43,6168526","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:43,6174927","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 908, startime: 975934, endtime: 975934, seqnum: 0, connid: 0"
"12:26:43,6180189","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.613.824, Length: 8.192"
"12:26:43,6191823","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.613.824, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,6253681","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.097.728, Length: 8.192"
"12:26:43,6264509","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.097.728, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,6305187","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 245.760, Length: 8.192"
"12:26:43,6316024","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 245.760, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,6350377","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:43,6373072","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.630.208, Length: 8.192"
"12:26:43,6381885","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.630.208, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,6412184","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,6424224","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: DNCI"
"12:26:43,6431012","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:43,6448300","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,6462864","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:43,6479724","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:43,6506659","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.900.544, Length: 8.192"
"12:26:43,6515098","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.900.544, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,6525856","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,6539897","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:43,6545481","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.785.856, Length: 8.192"
"12:26:43,6549148","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:43,6555511","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.785.856, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,6585232","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,6597282","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:43,6605310","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:43,6620355","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\wbemcore.dll","SUCCESS","Offset: 1.182.720, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:43,6642397","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\wbemcore.dll","SUCCESS","Offset: 1.178.624, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:43,6642630","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,6654656","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:43,6658006","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.940.352, Length: 8.192"
"12:26:43,6663049","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:43,6672859","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.940.352, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,6700695","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.309.568, Length: 8.192"
"12:26:43,6721529","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.309.568, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,6726875","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:43,6772882","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.203.648, Length: 8.192"
"12:26:43,6782930","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.203.648, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,6787861","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,6799491","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: DNCI"
"12:26:43,6804286","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:43,6889180","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,6891069","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 8.921.088, Length: 8.192"
"12:26:43,6903198","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:43,6905890","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 8.921.088, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,6908418","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:43,6978225","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,6988712","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.862.592, Length: 8.192"
"12:26:43,6990261","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:43,6994702","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:43,7001933","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.862.592, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,7058100","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.056.320, Length: 8.192"
"12:26:43,7071367","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.056.320, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,7081635","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,7095671","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:43,7100896","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:43,7161205","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.014.208, Length: 8.192"
"12:26:43,7165063","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,7176306","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:43,7180728","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:43,7218207","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.695.744, Length: 8.192"
"12:26:43,7227033","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.695.744, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,7237707","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,7248945","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:43,7254958","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:43,7275148","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.359.424, Length: 8.192"
"12:26:43,7285593","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.359.424, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,7313923","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,7324751","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:43,7329976","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:43,7349937","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 13.688.832, Length: 8.192"
"12:26:43,7361968","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 13.688.832, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,7386935","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,7397768","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:43,7402195","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:43,7407298","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 589.824, Length: 8.192"
"12:26:43,7419352","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 589.824, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,7454228","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.219.456, Length: 8.192"
"12:26:43,7459145","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,7465499","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.219.456, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,7471195","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:43,7475617","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:43,7490862","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,7504106","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:43,7515200","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.196.160, Length: 8.192"
"12:26:43,7522552","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,7525663","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.196.160, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,7537801","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:43,7543810","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:43,7563459","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: ANCI"
"12:26:43,7577566","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.941.504, Length: 8.192"
"12:26:43,7598806","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.941.504, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,7608000","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:43,7664120","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 688.128, Length: 8.192"
"12:26:43,7676548","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 688.128, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,7735812","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:43,7760914","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.024.000, Length: 8.192"
"12:26:43,7777750","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.024.000, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,7864179","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:43,7869408","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:26:43,7870439","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.826.816, Length: 8.192"
"12:26:43,7884080","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.826.816, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,7919007","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:43,7926247","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:43,7944711","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:26:43,7964094","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.739.712, Length: 8.192"
"12:26:43,7977305","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.739.712, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,8070787","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.846.208, Length: 8.192"
"12:26:43,8082431","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.846.208, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,8156646","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.601.024, Length: 8.192"
"12:26:43,8170301","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.601.024, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,8248132","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 770.048, Length: 8.192"
"12:26:43,8258549","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 770.048, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,8341184","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.321.920, Length: 8.192"
"12:26:43,8352833","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.321.920, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,8400980","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.326.080, Length: 8.192"
"12:26:43,8418259","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.326.080, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,8578572","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.042.816, Length: 8.192"
"12:26:43,8590995","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.042.816, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,8703086","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 13.467.648, Length: 8.192"
"12:26:43,8714711","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 13.467.648, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,8759649","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 434.176, Length: 8.192"
"12:26:43,8772492","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 434.176, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,8807787","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.244.032, Length: 8.192"
"12:26:43,8819827","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.244.032, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,8864784","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.908.160, Length: 8.192"
"12:26:43,8875210","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.908.160, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,8946202","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.175.040, Length: 8.192"
"12:26:43,8956633","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.175.040, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,9030461","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.187.968, Length: 8.192"
"12:26:43,9040486","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.187.968, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,9081021","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.329.536, Length: 8.192"
"12:26:43,9092235","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.329.536, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,9101836","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.784.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9110261","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.784.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9115462","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.784.859, Length: 1.460"
"12:26:43,9123104","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.786.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9183954","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.786.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9191581","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.786.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9196806","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.786.319, Length: 2.920"
"12:26:43,9204811","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.789.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9251666","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.925.120, Length: 8.192"
"12:26:43,9270084","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.925.120, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,9278359","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.789.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9284382","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.789.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9289971","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.789.239, Length: 4.380"
"12:26:43,9297994","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.793.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9348913","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.793.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9356913","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.793.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9362931","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.793.619, Length: 1.460"
"12:26:43,9371379","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.795.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9396752","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.589.376, Length: 8.192"
"12:26:43,9406372","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.589.376, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,9442096","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.795.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9449733","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.795.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9455737","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.795.079, Length: 3.472"
"12:26:43,9463359","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.798.551, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9603132","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.798.551, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9613540","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.798.912, EndOfFile: 405.798.551, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9625986","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.798.551, Length: 8.208, Priority: Normal"
"12:26:43,9635050","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.580.480, Length: 8.192"
"12:26:43,9646307","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.580.480, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,9694034","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.806.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9700486","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.806.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9706490","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.806.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9711295","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.806.759, Length: 5.840"
"12:26:43,9719314","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.812.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9735940","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.286.144, Length: 8.192"
"12:26:43,9751171","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.286.144, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,9782184","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.812.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9788636","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.812.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9793851","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.812.599, Length: 2.920"
"12:26:43,9794551","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 270.336, Length: 8.192"
"12:26:43,9802253","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.815.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9810174","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 270.336, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,9874878","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.815.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9881679","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.815.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9886895","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.815.519, Length: 2.920"
"12:26:43,9893757","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.818.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9916480","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.473.984, Length: 8.192"
"12:26:43,9928119","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.473.984, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:43,9955783","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.818.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9964180","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.818.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:43,9969810","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.818.439, Length: 5.840"
"12:26:43,9978235","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.824.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0005959","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.908.736, Length: 8.192"
"12:26:44,0015952","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.908.736, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,0023859","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.824.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0037010","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.824.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0050193","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.824.279, Length: 2.920"
"12:26:44,0060661","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.827.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0091147","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.892.352, Length: 8.192"
"12:26:44,0101181","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.892.352, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,0122192","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.827.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0133188","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 13.090.816, Length: 8.192"
"12:26:44,0136505","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.827.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0145345","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.827.199, Length: 4.932"
"12:26:44,0146427","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 13.090.816, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,0168334","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.832.131, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0216939","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.832.131, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0223778","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.832.131, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0233467","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 14.221.312, Length: 8.192"
"12:26:44,0238673","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.832.131, Length: 9.668"
"12:26:44,0245111","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 14.221.312, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,0249104","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.841.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0302905","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.841.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0309711","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.841.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0312515","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.564.800, Length: 8.192"
"12:26:44,0314932","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.841.799, Length: 1.460"
"12:26:44,0321733","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.843.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0322960","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.564.800, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,0395496","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.843.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0403520","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.843.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0408348","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.843.259, Length: 2.920"
"12:26:44,0416036","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.850.816, Length: 8.192"
"12:26:44,0417160","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.846.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0427241","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.850.816, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,0476616","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.846.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0481822","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.875.392, Length: 8.192"
"12:26:44,0484257","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.846.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0489477","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.846.179, Length: 5.840"
"12:26:44,0490256","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.875.392, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,0499110","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.852.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0558249","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.852.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0568666","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.852.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0576307","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.852.019, Length: 2.920"
"12:26:44,0581951","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.253.376, Length: 8.192"
"12:26:44,0585544","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.854.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0593189","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.253.376, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,0638230","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.854.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0645871","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.854.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0651483","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.854.939, Length: 1.460"
"12:26:44,0661126","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.856.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0662717","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.679.360, Length: 8.192"
"12:26:44,0672760","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.679.360, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,0729417","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.856.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0737343","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 131.072, Length: 8.192"
"12:26:44,0737436","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.856.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0743048","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.856.399, Length: 2.920"
"12:26:44,0749784","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 131.072, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,0762310","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.859.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0817436","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.859.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0825040","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.859.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0840257","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.859.319, Length: 2.920"
"12:26:44,0851892","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.862.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0898201","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.862.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0905824","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.862.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0911049","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.862.239, Length: 1.460"
"12:26:44,0912887","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.220.736, Length: 8.192"
"12:26:44,0918680","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.863.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0925295","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.220.736, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,0964220","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.753.088, Length: 8.192"
"12:26:44,0973863","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.753.088, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,0977394","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.863.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0989845","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.863.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,0995863","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.863.699, Length: 2.920"
"12:26:44,1003677","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.204.352, Length: 8.192"
"12:26:44,1005072","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.866.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1013333","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.204.352, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,1065269","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.866.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1072070","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.866.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1077276","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.866.619, Length: 5.840"
"12:26:44,1092839","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.396.224, Length: 8.192"
"12:26:44,1095806","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.872.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1103251","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.396.224, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,1156997","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.872.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1164204","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.872.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1169004","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.872.459, Length: 2.920"
"12:26:44,1177028","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.875.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1197997","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 13.082.624, Length: 8.192"
"12:26:44,1208442","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 13.082.624, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,1222470","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.875.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1239726","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.875.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1246560","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.875.379, Length: 1.460"
"12:26:44,1255764","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.876.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1318354","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.876.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1325189","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.876.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1333217","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.876.839, Length: 1.460"
"12:26:44,1340840","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.878.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1341642","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.727.936, Length: 8.192"
"12:26:44,1351238","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.727.936, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,1391758","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.878.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1400188","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.878.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1401489","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.302.528, Length: 8.192"
"12:26:44,1406215","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.878.299, Length: 4.380"
"12:26:44,1412741","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.302.528, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,1415829","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.882.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1468012","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.882.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1474408","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.882.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1478844","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.882.679, Length: 2.920"
"12:26:44,1486047","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.885.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1523866","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.481.152, Length: 8.192"
"12:26:44,1535337","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.885.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1547658","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.885.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1559031","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.885.599, Length: 2.920"
"12:26:44,1562380","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.450.112, Length: 8.192"
"12:26:44,1568641","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.888.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1573604","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.450.112, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,1606637","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.888.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1613868","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.888.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1619475","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.888.519, Length: 4.380"
"12:26:44,1633125","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.892.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1652252","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.941.504, Length: 8.192"
"12:26:44,1663070","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.941.504, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,1680452","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.892.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1686899","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.892.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1692105","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.892.899, Length: 1.460"
"12:26:44,1700133","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.894.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1717272","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.400.960, Length: 8.192"
"12:26:44,1727717","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.400.960, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,1786618","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.894.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1793825","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.894.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1798271","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.894.359, Length: 5.840"
"12:26:44,1806677","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.900.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1810871","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.387.456, Length: 8.192"
"12:26:44,1822879","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.387.456, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,1858435","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.900.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1865666","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.900.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1871371","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.432.576, Length: 8.192"
"12:26:44,1871968","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.900.199, Length: 2.920"
"12:26:44,1882227","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.432.576, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,1885996","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.903.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1933812","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.903.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1942247","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.903.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1948656","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.903.119, Length: 2.920"
"12:26:44,1957893","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.906.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,1965110","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.293.184, Length: 8.192"
"12:26:44,1979963","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.293.184, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,2011597","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.906.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2019639","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.906.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2026431","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.906.039, Length: 2.920"
"12:26:44,2035257","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.908.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2077009","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.138.112, Length: 8.192"
"12:26:44,2090398","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.908.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2091037","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.138.112, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,2098025","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.908.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2104827","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.908.959, Length: 1.460"
"12:26:44,2112445","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.910.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2120608","PrintIsolationHost.exe","9596","RegCloseKey","HKCR","SUCCESS",""
"12:26:44,2154457","PrintIsolationHost.exe","9596","Thread Exit","","SUCCESS","Thread ID: 9444, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:26:44,2158740","PrintIsolationHost.exe","9596","Thread Exit","","SUCCESS","Thread ID: 9340, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:26:44,2161954","PrintIsolationHost.exe","9596","Thread Exit","","SUCCESS","Thread ID: 9604, User Time: 0.0936006, Kernel Time: 0.0624004"
"12:26:44,2174811","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.910.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2182933","PrintIsolationHost.exe","9596","Thread Exit","","SUCCESS","Thread ID: 9656, User Time: 0.0936006, Kernel Time: 0.0624004"
"12:26:44,2183222","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.910.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2189235","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.910.419, Length: 2.920"
"12:26:44,2197250","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.913.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2264108","PrintIsolationHost.exe","9596","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize","SUCCESS","Desired Access: Read"
"12:26:44,2264519","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.913.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2274166","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.913.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2275771","PrintIsolationHost.exe","9596","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\GRE_Initialize\DisableMetaFiles","NAME NOT FOUND","Length: 20"
"12:26:44,2282969","PrintIsolationHost.exe","9596","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\GRE_Initialize","SUCCESS",""
"12:26:44,2284196","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.913.339, Length: 4.380"
"12:26:44,2293400","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.917.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2299044","PrintIsolationHost.exe","9596","Thread Exit","","SUCCESS","Thread ID: 1128, User Time: 0.0468003, Kernel Time: 0.0780005"
"12:26:44,2336122","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.917.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2341146","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\spool\drivers\x64\3\EUDMUI64.DLL","SUCCESS","Name: \Windows\System32\spool\drivers\x64\3\EUDMUI64.DLL"
"12:26:44,2346497","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.917.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2347700","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.166.272, Length: 8.192"
"12:26:44,2353975","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL","SUCCESS","Name: \PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL"
"12:26:44,2362806","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.166.272, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,2367223","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\user32.dll","SUCCESS","Name: \Windows\System32\user32.dll"
"12:26:44,2369010","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.917.719, Length: 1.460"
"12:26:44,2376446","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\kernel32.dll","SUCCESS","Name: \Windows\System32\kernel32.dll"
"12:26:44,2379534","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:26:44,2380183","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.919.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2385268","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\ntdll.dll","SUCCESS","Name: \Windows\System32\ntdll.dll"
"12:26:44,2390777","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:26:44,2392923","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\psapi.dll","SUCCESS","Name: \Windows\System32\psapi.dll"
"12:26:44,2400951","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\PrintIsolationHost.exe","SUCCESS","Name: \Windows\System32\PrintIsolationHost.exe"
"12:26:44,2407244","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:26:44,2408971","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\spool\drivers\x64\3\PS5UI.DLL","SUCCESS","Name: \Windows\System32\spool\drivers\x64\3\PS5UI.DLL"
"12:26:44,2416173","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.219.008, Length: 8.192"
"12:26:44,2416980","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\wsnmp32.dll","SUCCESS","Name: \Windows\System32\wsnmp32.dll"
"12:26:44,2417694","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:26:44,2425009","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\snmpapi.dll","SUCCESS","Name: \Windows\System32\snmpapi.dll"
"12:26:44,2435039","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\PrintIsolationProxy.dll","SUCCESS","Name: \Windows\System32\PrintIsolationProxy.dll"
"12:26:44,2440963","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.919.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2445227","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:26:44,2448166","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.919.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2450456","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\spoolss.dll","SUCCESS","Name: \Windows\System32\spoolss.dll"
"12:26:44,2453381","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.919.179, Length: 2.920"
"12:26:44,2455672","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:44,2461023","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.922.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2462501","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\winspool.drv","SUCCESS","Name: \Windows\System32\winspool.drv"
"12:26:44,2466900","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:26:44,2472135","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\mgmtapi.dll","SUCCESS","Name: \Windows\System32\mgmtapi.dll"
"12:26:44,2475545","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 13.008.896, Length: 8.192"
"12:26:44,2476921","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:26:44,2481329","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\IPHLPAPI.DLL","SUCCESS","Name: \Windows\System32\IPHLPAPI.DLL"
"12:26:44,2485602","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 13.008.896, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,2487898","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:26:44,2490174","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\winnsi.dll","SUCCESS","Name: \Windows\System32\winnsi.dll"
"12:26:44,2499136","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:26:44,2500614","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\version.dll","SUCCESS","Name: \Windows\System32\version.dll"
"12:26:44,2509935","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:26:44,2510626","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll","SUCCESS","Name: \Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll"
"12:26:44,2512622","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.922.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2517572","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:26:44,2519046","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\rsaenh.dll","SUCCESS","Name: \Windows\System32\rsaenh.dll"
"12:26:44,2520273","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.922.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2523170","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:44,2527489","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\cryptsp.dll","SUCCESS","Name: \Windows\System32\cryptsp.dll"
"12:26:44,2530802","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.922.099, Length: 2.920"
"12:26:44,2531875","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:44,2540318","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.802.240, Length: 8.192"
"12:26:44,2541228","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.925.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2544717","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:26:44,2545926","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\sspicli.dll","SUCCESS","Name: \Windows\System32\sspicli.dll"
"12:26:44,2552363","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:44,2554738","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.802.240, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,2558348","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\cryptbase.dll","SUCCESS","Name: \Windows\System32\cryptbase.dll"
"12:26:44,2561987","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,2568775","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\RpcRtRemote.dll","SUCCESS","Name: \Windows\System32\RpcRtRemote.dll"
"12:26:44,2569227","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:44,2576827","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:26:44,2577638","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\profapi.dll","SUCCESS","Name: \Windows\System32\profapi.dll"
"12:26:44,2584454","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:26:44,2586040","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Name: \Windows\System32\KernelBase.dll"
"12:26:44,2592869","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:26:44,2594451","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\shlwapi.dll","SUCCESS","Name: \Windows\System32\shlwapi.dll"
"12:26:44,2601322","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:26:44,2602503","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\msctf.dll","SUCCESS","Name: \Windows\System32\msctf.dll"
"12:26:44,2603725","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.925.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2609332","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:26:44,2611306","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\imm32.dll","SUCCESS","Name: \Windows\System32\imm32.dll"
"12:26:44,2612136","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.925.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2617771","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:26:44,2618961","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.925.019, Length: 2.920"
"12:26:44,2619348","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\nsi.dll","SUCCESS","Name: \Windows\System32\nsi.dll"
"12:26:44,2626560","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:44,2628958","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\rpcrt4.dll","SUCCESS","Name: \Windows\System32\rpcrt4.dll"
"12:26:44,2634593","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.927.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2636627","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:44,2637789","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\msvcrt.dll","SUCCESS","Name: \Windows\System32\msvcrt.dll"
"12:26:44,2645813","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\lpk.dll","SUCCESS","Name: \Windows\System32\lpk.dll"
"12:26:44,2646638","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:26:44,2653850","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\advapi32.dll","SUCCESS","Name: \Windows\System32\advapi32.dll"
"12:26:44,2655483","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:44,2662289","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\oleaut32.dll","SUCCESS","Name: \Windows\System32\oleaut32.dll"
"12:26:44,2668676","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.691.136, Length: 8.192"
"12:26:44,2669240","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.927.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2670705","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\gdi32.dll","SUCCESS","Name: \Windows\System32\gdi32.dll"
"12:26:44,2671521","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,2676452","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.929.984, EndOfFile: 405.927.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2679121","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\shell32.dll","SUCCESS","Name: \Windows\System32\shell32.dll"
"12:26:44,2679559","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:44,2684737","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.691.136, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,2687163","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\clbcatq.dll","SUCCESS","Name: \Windows\System32\clbcatq.dll"
"12:26:44,2688493","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.927.939, Length: 2.920, Priority: Normal"
"12:26:44,2688777","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,2695574","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\usp10.dll","SUCCESS","Name: \Windows\System32\usp10.dll"
"12:26:44,2703178","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\ws2_32.dll","SUCCESS","Name: \Windows\System32\ws2_32.dll"
"12:26:44,2710824","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\sechost.dll","SUCCESS","Name: \Windows\System32\sechost.dll"
"12:26:44,2712051","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,2718419","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\ole32.dll","SUCCESS","Name: \Windows\System32\ole32.dll"
"12:26:44,2720457","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:44,2725276","PrintIsolationHost.exe","9596","QueryNameInformationFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Name: \Windows\System32\apisetschema.dll"
"12:26:44,2728873","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.236.416, Length: 8.192"
"12:26:44,2738133","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,2746521","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.236.416, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,2748149","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:44,2755463","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.930.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2758178","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,2761519","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.930.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2766188","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,2768213","PrintIsolationHost.exe","9596","Process Exit","","SUCCESS","Exit Status: 0, User Time: 0.2340015 seconds, Kernel Time: 0.2496016 seconds, Private Bytes: 3.354.624, Peak Private Bytes: 3.645.440, Working Set: 7.401.472, Peak Working Set: 7.852.032"
"12:26:44,2768325","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.930.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2772607","PrintIsolationHost.exe","9596","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Image File Execution Options","SUCCESS",""
"12:26:44,2773531","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.930.859, Length: 5.840"
"12:26:44,2773839","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:44,2778644","PrintIsolationHost.exe","9596","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:44,2781951","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.936.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2782656","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,2792289","PrintIsolationHost.exe","9596","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS",""
"12:26:44,2792695","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:44,2800681","PrintIsolationHost.exe","9596","RegCloseKey","HKLM","SUCCESS",""
"12:26:44,2802696","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,2804311","PrintIsolationHost.exe","9596","RegCloseKey","HKLM\System\CurrentControlSet\Control\SESSION MANAGER","SUCCESS",""
"12:26:44,2809549","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.936.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2809946","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:26:44,2812325","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 884.736, Length: 8.192"
"12:26:44,2817942","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.936.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2818753","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,2823974","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 884.736, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,2824785","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:44,2834008","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.936.699, Length: 3.472"
"12:26:44,2842806","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,2844840","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.940.171, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2852845","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:44,2862077","PrintIsolationHost.exe","9596","CloseFile","C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac","SUCCESS",""
"12:26:44,2863253","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,2871706","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:44,2873301","PrintIsolationHost.exe","9596","CloseFile","C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac","SUCCESS",""
"12:26:44,2876403","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.548.416, Length: 8.192"
"12:26:44,2882113","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,2882566","PrintIsolationHost.exe","9596","CloseFile","C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac","SUCCESS",""
"12:26:44,2885757","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.940.171, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2891220","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.548.416, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,2891355","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,2892960","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.940.171, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2894186","PrintIsolationHost.exe","9596","RegCloseKey","HKU\.DEFAULT\Control Panel\International","SUCCESS",""
"12:26:44,2898581","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.940.171, Length: 908"
"12:26:44,2900190","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:44,2905023","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.941.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,2909399","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,2917413","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:44,2932677","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,2941093","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:26:44,2948744","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,2954724","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:44,2984324","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,2992739","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:44,3001990","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,3009589","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:44,3016125","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.719.744, Length: 8.192"
"12:26:44,3018019","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,3024830","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,3026570","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.719.744, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,3039809","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:44,3048645","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,3056235","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:44,3064258","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,3070304","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:26:44,3077101","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,3081943","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:44,3101088","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,3108305","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:44,3115116","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,3120747","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:26:44,3127138","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,3169949","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,3179157","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:44,3187974","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,3194818","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:44,3197850","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.572.864, Length: 8.192"
"12:26:44,3204866","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,3207506","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.572.864, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,3216099","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,3224119","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:44,3234540","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,3240992","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:44,3248614","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,3253821","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:26:44,3260235","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:44,3265040","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:44,3315091","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.407.296, Length: 8.192"
"12:26:44,3333541","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.407.296, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,3392128","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.247.616, Length: 8.192"
"12:26:44,3402149","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.247.616, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,3504392","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.261.120, Length: 8.192"
"12:26:44,3514818","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.261.120, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,3560647","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.317.888, Length: 8.192"
"12:26:44,3571456","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.317.888, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,3627459","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 14.204.928, Length: 8.192"
"12:26:44,3639513","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 14.204.928, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,3888998","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.605.056, Length: 8.192"
"12:26:44,3898668","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.605.056, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,3975948","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.571.840, Length: 8.192"
"12:26:44,3986379","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.571.840, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,4050700","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,4059144","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:44,4068759","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:44,4077589","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:26:44,4083999","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:44,4090833","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,4097635","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:44,4104054","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:44,4110487","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:26:44,4116099","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:44,4121305","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,4126138","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:44,4132963","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:44,4139312","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.965.632, Length: 8.192"
"12:26:44,4139765","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:26:44,4144985","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:44,4149813","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,4155411","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:44,4161032","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:44,4161387","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.965.632, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,4166658","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:26:44,4172266","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:44,4229515","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.687.552, Length: 8.192"
"12:26:44,4240739","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.687.552, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,4415793","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.784.256, Length: 8.192"
"12:26:44,4443489","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.122.304, Length: 8.192"
"12:26:44,4455133","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.122.304, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,4486523","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.818.624, Length: 8.192"
"12:26:44,4497355","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.818.624, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,4553251","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.468.800, Length: 8.192"
"12:26:44,4564079","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.468.800, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,4611615","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.638.400, Length: 8.192"
"12:26:44,4623231","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.638.400, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,4640524","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:44,4648156","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:44,4654967","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:44,4662982","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:44,4671831","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:44,4689843","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.245.312, Length: 8.192"
"12:26:44,4701855","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.245.312, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,4800580","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.252.224, Length: 8.192"
"12:26:44,4813428","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.252.224, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,4868097","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.957.888, Length: 8.192"
"12:26:44,4881719","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.957.888, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,4969584","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 696.320, Length: 8.192"
"12:26:44,4980407","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 696.320, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,5064120","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 8.921.088, Length: 8.192"
"12:26:44,5117068","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.560.064, Length: 8.192"
"12:26:44,5131889","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.560.064, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,5186413","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.179.072, Length: 8.192"
"12:26:44,5200460","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.179.072, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,5319739","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.108.352, Length: 8.192"
"12:26:44,5332157","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.108.352, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,5417606","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.121.728, Length: 8.192"
"12:26:44,5443777","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.121.728, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,5477397","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.609.216, Length: 8.192"
"12:26:44,5491210","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.609.216, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,5550656","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.015.808, Length: 8.192"
"12:26:44,5562314","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.015.808, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,5750710","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.486.336, Length: 8.192"
"12:26:44,5763954","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.486.336, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,5768260","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,5777081","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975943, endtime: 975944, seqnum: 0, connid: 0"
"12:26:44,5803569","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,5809592","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975944, endtime: 975944, seqnum: 0, connid: 0"
"12:26:44,5830953","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.415.488, Length: 8.192"
"12:26:44,5845811","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.415.488, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,5998674","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.776.064, Length: 8.192"
"12:26:44,6079289","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.220.608, Length: 8.192"
"12:26:44,6090947","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.220.608, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,6107354","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,6115383","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975944, endtime: 975944, seqnum: 0, connid: 0"
"12:26:44,6149479","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,6155907","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,6161515","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975944, endtime: 975944, seqnum: 0, connid: 0"
"12:26:44,6238161","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.867.776, Length: 8.192"
"12:26:44,6248190","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.867.776, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,6293362","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.941.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,6301371","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.941.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,6306190","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.941.079, Length: 1.460"
"12:26:44,6313822","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.942.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,6364797","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.942.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,6372009","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.942.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,6377229","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.942.539, Length: 1.460"
"12:26:44,6384828","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.943.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,6435527","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.943.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,6443561","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.943.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,6449564","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.943.999, Length: 1.460"
"12:26:44,6456795","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.945.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,6461171","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,6469624","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975944, endtime: 975944, seqnum: 0, connid: 0"
"12:26:44,6470958","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.268.608, Length: 8.192"
"12:26:44,6488634","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.268.608, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,6502913","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,6508941","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,6514944","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975944, endtime: 975944, seqnum: 0, connid: 0"
"12:26:44,6538381","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 688.128, Length: 8.192"
"12:26:44,6601340","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.125.888, Length: 8.192"
"12:26:44,6612592","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.125.888, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,6693166","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.490.944, Length: 8.192"
"12:26:44,6704399","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.490.944, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,6775611","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.945.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,6783639","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.945.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,6789242","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.945.459, Length: 2.920"
"12:26:44,6794457","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 3.227.648, Length: 8.192"
"12:26:44,6796916","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.948.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,6804347","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,6812763","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975945, endtime: 975945, seqnum: 0, connid: 0"
"12:26:44,6833373","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.032.320, Length: 8.192"
"12:26:44,6844046","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,6846999","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.032.320, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,6849271","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,6854095","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975945, endtime: 975945, seqnum: 0, connid: 0"
"12:26:44,6922292","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.948.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,6935690","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.948.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,6944101","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.948.379, Length: 1.460"
"12:26:44,6949177","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.515.520, Length: 8.192"
"12:26:44,6952549","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.949.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,6961240","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.515.520, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,7008553","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.581.184, Length: 8.192"
"12:26:44,7019408","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.581.184, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,7073564","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.998.848, Length: 8.192"
"12:26:44,7084009","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.998.848, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,7088058","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.949.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,7096077","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.949.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,7103369","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.949.839, Length: 2.920"
"12:26:44,7111383","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.952.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,7121245","Explorer.EXE","2816","ReadFile","C:\Windows\System32\duser.dll","SUCCESS","Offset: 228.864, Length: 14.848, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:44,7154161","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,7156424","Explorer.EXE","2816","ReadFile","C:\Windows\System32\duser.dll","SUCCESS","Offset: 204.288, Length: 3.584, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:44,7161397","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,7167415","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975945, endtime: 975945, seqnum: 0, connid: 0"
"12:26:44,7181727","Explorer.EXE","2816","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:44,7192302","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,7195372","Explorer.EXE","2816","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,7198726","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975945, endtime: 975945, seqnum: 0, connid: 0"
"12:26:44,7204212","Explorer.EXE","2816","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,7215030","Explorer.EXE","2816","RegOpenKey","HKCU\Software\Classes\Applications\Procmon64.exe","NAME NOT FOUND","Desired Access: Read"
"12:26:44,7225881","Explorer.EXE","2816","RegOpenKey","HKCR\Applications\Procmon64.exe","NAME NOT FOUND","Desired Access: Read"
"12:26:44,7239097","Explorer.EXE","2816","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:44,7245670","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.042.816, Length: 8.192"
"12:26:44,7247144","Explorer.EXE","2816","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:44,7257976","Explorer.EXE","2816","RegOpenKey","HKCU\Software\Classes\Applications\Procmon64.exe","NAME NOT FOUND","Desired Access: Read"
"12:26:44,7269191","Explorer.EXE","2816","RegOpenKey","HKCR\Applications\Procmon64.exe","NAME NOT FOUND","Desired Access: Read"
"12:26:44,7281805","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.056.320, Length: 8.192"
"12:26:44,7351593","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.014.208, Length: 8.192"
"12:26:44,7352554","Explorer.EXE","2816","CreateFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:44,7377689","Explorer.EXE","2816","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","CreationTime: 06.10.2013 12:25:43, LastAccessTime: 06.10.2013 12:25:43, LastWriteTime: 06.10.2013 12:25:47, ChangeTime: 06.10.2013 12:25:47, FileAttributes: HA"
"12:26:44,7388899","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 884.736, Length: 8.192"
"12:26:44,7394959","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS",""
"12:26:44,7401332","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 884.736, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,7475939","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,7482824","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975945, endtime: 975945, seqnum: 0, connid: 0"
"12:26:44,7512102","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,7517350","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,7522164","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975945, endtime: 975945, seqnum: 0, connid: 0"
"12:26:44,7546464","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.491.072, Length: 8.192"
"12:26:44,7563473","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.491.072, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,7644355","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.867.328, Length: 8.192"
"12:26:44,7657211","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.867.328, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,7700941","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 14.606.336, Length: 8.192"
"12:26:44,7712585","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 14.606.336, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,7811264","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 573.440, Length: 8.192"
"12:26:44,7813671","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,7822096","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975946, endtime: 975946, seqnum: 0, connid: 0"
"12:26:44,7858576","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,7862751","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.952.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,7864617","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,7870612","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975946, endtime: 975946, seqnum: 0, connid: 0"
"12:26:44,7871587","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.952.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,7873472","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.342.912, Length: 8.192"
"12:26:44,7877983","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.952.759, Length: 1.460"
"12:26:44,7885493","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.342.912, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,7886034","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.954.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,7974063","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.954.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,7974665","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.899.968, Length: 8.192"
"12:26:44,7982516","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.954.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,7985921","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.899.968, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,7988510","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.954.219, Length: 2.920"
"12:26:44,7998745","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.957.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8046902","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.957.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8053312","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.957.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8062530","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.957.139, Length: 2.920"
"12:26:44,8070992","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.960.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8097228","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.423.680, Length: 8.192"
"12:26:44,8112893","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.423.680, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,8125689","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.960.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8133326","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.960.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8138910","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.960.059, Length: 1.460"
"12:26:44,8146164","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.961.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8160103","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,8166503","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975946, endtime: 975946, seqnum: 0, connid: 0"
"12:26:44,8196336","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.961.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8204215","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,8208395","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.961.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8209865","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,8211665","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.538.496, Length: 8.192"
"12:26:44,8213881","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,8214791","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.961.519, Length: 1.460"
"12:26:44,8219083","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975946, endtime: 975946, seqnum: 0, connid: 0"
"12:26:44,8233525","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.962.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8244973","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.449.536, Length: 8.192"
"12:26:44,8256986","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.449.536, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,8265630","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.962.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8272030","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.962.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8276826","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.962.979, Length: 2.920"
"12:26:44,8283268","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.965.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8417802","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.679.360, Length: 8.192"
"12:26:44,8478811","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.933.312, Length: 8.192"
"12:26:44,8490833","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.933.312, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,8516971","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 770.048, Length: 8.192"
"12:26:44,8571118","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,8574742","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 13.467.648, Length: 8.192"
"12:26:44,8578759","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,8584777","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975946, endtime: 975946, seqnum: 0, connid: 0"
"12:26:44,8605228","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.793.472, Length: 8.192"
"12:26:44,8615267","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,8616876","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.793.472, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,8620907","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,8626123","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975946, endtime: 975946, seqnum: 0, connid: 0"
"12:26:44,8672222","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.809.856, Length: 8.192"
"12:26:44,8681874","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.809.856, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,8718737","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.965.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8726341","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.965.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8733175","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.965.899, Length: 1.460"
"12:26:44,8740807","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.967.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8817896","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.967.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8825929","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.967.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8832320","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.967.359, Length: 2.920"
"12:26:44,8833902","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.105.920, Length: 8.192"
"12:26:44,8840349","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.970.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8847948","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.105.920, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,8885454","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.970.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8892699","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.970.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8897500","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.970.279, Length: 1.460"
"12:26:44,8904730","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.971.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8945036","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.761.280, Length: 8.192"
"12:26:44,8949612","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.971.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8956460","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.971.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8957566","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.761.280, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,8960664","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,8964885","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.971.739, Length: 2.920"
"12:26:44,8968701","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975947, endtime: 975947, seqnum: 0, connid: 0"
"12:26:44,8972531","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.974.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,8984973","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.473.984, Length: 8.192"
"12:26:44,9007603","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,9013630","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,9018034","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,9020324","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.974.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9023646","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975947, endtime: 975947, seqnum: 0, connid: 0"
"12:26:44,9029570","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.974.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9041951","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.974.659, Length: 1.460"
"12:26:44,9049961","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.976.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9056571","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.601.024, Length: 8.192"
"12:26:44,9170099","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.059.200, Length: 8.192"
"12:26:44,9273610","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.785.856, Length: 8.192"
"12:26:44,9282847","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.785.856, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,9336037","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.976.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9344868","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.976.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9350476","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.976.119, Length: 2.920"
"12:26:44,9352104","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.284.992, Length: 8.192"
"12:26:44,9358490","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.979.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9358905","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,9366495","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975947, endtime: 975947, seqnum: 0, connid: 0"
"12:26:44,9370535","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.284.992, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,9404622","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,9409842","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,9413448","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,9417871","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.979.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9418277","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975947, endtime: 975947, seqnum: 0, connid: 0"
"12:26:44,9424719","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.979.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9431507","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.979.039, Length: 2.920"
"12:26:44,9439927","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.981.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9449154","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.933.312, Length: 8.192"
"12:26:44,9460397","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.933.312, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,9487533","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.981.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9495156","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.981.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9500791","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.981.959, Length: 1.460"
"12:26:44,9509202","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.983.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9529122","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.862.592, Length: 8.192"
"12:26:44,9552983","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.983.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9559430","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.983.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9565028","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.983.419, Length: 2.920"
"12:26:44,9572240","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.986.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9618993","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.846.208, Length: 8.192"
"12:26:44,9619576","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.986.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9625589","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.986.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9631640","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.986.339, Length: 1.460"
"12:26:44,9638838","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.987.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9703630","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.294.336, Length: 8.192"
"12:26:44,9716888","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.294.336, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,9726311","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.987.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9732754","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.987.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9737978","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.987.799, Length: 1.460"
"12:26:44,9744794","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.989.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9759937","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,9768763","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975947, endtime: 975947, seqnum: 0, connid: 0"
"12:26:44,9810771","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,9817596","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,9821986","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:44,9825205","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.989.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9827621","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975948, endtime: 975948, seqnum: 0, connid: 0"
"12:26:44,9833219","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.989.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9838458","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.989.259, Length: 2.920"
"12:26:44,9846057","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.992.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9875890","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.351.104, Length: 8.192"
"12:26:44,9887912","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.351.104, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:44,9897032","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.992.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9903861","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.992.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9909464","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.992.179, Length: 1.460"
"12:26:44,9916704","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.993.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:44,9938914","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.163.392, Length: 8.192"
"12:26:44,9950548","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.163.392, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,0011865","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.974.272, Length: 8.192"
"12:26:45,0022320","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.974.272, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,0135460","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.924.672, Length: 8.192"
"12:26:45,0160660","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,0167140","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.572.416, Length: 8.192"
"12:26:45,0167905","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975948, endtime: 975948, seqnum: 0, connid: 0"
"12:26:45,0177977","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.572.416, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,0208453","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,0215264","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,0219658","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,0224883","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975948, endtime: 975948, seqnum: 0, connid: 0"
"12:26:45,0240959","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.572.864, Length: 8.192"
"12:26:45,0335831","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.993.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0343850","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.993.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0349070","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.993.639, Length: 1.460"
"12:26:45,0356305","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.995.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0405633","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.995.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0412085","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 405.995.520, EndOfFile: 405.995.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0421718","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.995.099, Length: 2.920, Priority: Normal"
"12:26:45,0475846","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 405.998.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0482293","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 405.998.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0488306","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 405.998.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0493522","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.998.019, Length: 1.460"
"12:26:45,0500720","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 405.999.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0551410","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.396.224, Length: 8.192"
"12:26:45,0559312","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,0564145","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 405.999.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0567733","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975948, endtime: 975948, seqnum: 0, connid: 0"
"12:26:45,0570965","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 405.999.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0576172","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 405.999.479, Length: 1.460"
"12:26:45,0581513","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 860.160, Length: 8.192"
"12:26:45,0584573","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.000.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0591781","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,0594752","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 860.160, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,0597812","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975948, endtime: 975948, seqnum: 0, connid: 0"
"12:26:45,0696925","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.325.376, Length: 8.192"
"12:26:45,0710575","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.325.376, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,0759959","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.000.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0767996","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.000.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0773613","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.000.939, Length: 4.380"
"12:26:45,0783246","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.005.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0812127","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.785.856, Length: 8.192"
"12:26:45,0824956","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.005.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0832210","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.005.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0837794","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.005.319, Length: 1.460"
"12:26:45,0844633","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.006.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0913400","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.006.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0920999","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.006.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0923667","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.985.472, Length: 8.192"
"12:26:45,0926648","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.006.779, Length: 1.460"
"12:26:45,0936244","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.008.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,0938521","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.985.472, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,1075373","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.875.392, Length: 8.192"
"12:26:45,1317286","services.exe","764","Thread Create","","SUCCESS","Thread ID: 1208"
"12:26:45,1336557","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 14.204.928, Length: 8.192"
"12:26:45,1459741","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.813.440, Length: 8.192"
"12:26:45,1473358","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.813.440, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,1534628","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.851.392, Length: 8.192"
"12:26:45,1547490","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.851.392, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,1576170","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.481.152, Length: 8.192"
"12:26:45,1609856","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.712.128, Length: 8.192"
"12:26:45,1622713","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.712.128, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,1726402","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.431.872, Length: 8.192"
"12:26:45,1739245","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.431.872, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,1913006","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.727.936, Length: 8.192"
"12:26:45,2055448","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.949.696, Length: 8.192"
"12:26:45,2065864","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.949.696, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,2231155","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.993.664, Length: 8.192"
"12:26:45,2242355","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.993.664, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,2336584","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 73.728, Length: 8.192"
"12:26:45,2349422","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 73.728, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,2452182","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 3.129.344, Length: 8.192"
"12:26:45,2464218","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 3.129.344, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,2557164","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.220.736, Length: 8.192"
"12:26:45,2669525","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 9.175.040, Length: 8.192"
"12:26:45,2701620","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.196.032, Length: 8.192"
"12:26:45,2714075","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.196.032, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,2795788","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 14.262.272, Length: 8.192"
"12:26:45,2807021","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 14.262.272, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,2953884","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 311.296, Length: 8.192"
"12:26:45,2966312","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 311.296, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,3018532","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.203.648, Length: 8.192"
"12:26:45,3080702","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.588.224, Length: 8.192"
"12:26:45,3090756","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.588.224, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,3142612","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.358.848, Length: 8.192"
"12:26:45,3157068","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.358.848, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,3263384","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.285.568, Length: 8.192"
"12:26:45,3280224","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 557.056, Length: 8.192"
"12:26:45,3292699","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.108.352, Length: 8.192"
"12:26:45,3433507","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.223.616, Length: 8.192"
"12:26:45,3445114","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.223.616, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,3491834","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.776.064, Length: 8.192"
"12:26:45,3529158","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 13.082.624, Length: 8.192"
"12:26:45,3675807","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.677.632, Length: 8.192"
"12:26:45,3691085","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 98.304, Length: 8.192"
"12:26:45,3707515","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.269.760, Length: 8.192"
"12:26:45,3730397","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.244.608, Length: 8.192"
"12:26:45,3748534","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.244.608, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,3780144","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.883.584, Length: 8.192"
"12:26:45,3815487","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:45,3824700","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:45,3839544","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:45,3848776","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:45,3855200","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:45,3861619","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:45,4640786","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:45,4648408","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:45,4654043","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:45,4662063","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:45,4670893","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:45,4919351","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.547.712, Length: 8.192"
"12:26:45,4934583","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.547.712, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:45,5008821","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 40.960, Length: 8.192"
"12:26:45,5023250","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.777.664, Length: 8.192"
"12:26:45,5140416","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 122.880, Length: 8.192"
"12:26:45,5171695","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:45,5180936","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:45,5188956","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:45,5197772","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:45,5204588","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:45,5210611","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:45,5368647","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,5377100","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975953, endtime: 975953, seqnum: 0, connid: 0"
"12:26:45,5419621","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,5424832","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,5428443","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,5432072","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,5436877","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975953, endtime: 975953, seqnum: 0, connid: 0"
"12:26:45,5609090","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.008.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,5617114","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.008.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,5622329","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.008.239, Length: 1.460"
"12:26:45,5636754","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.009.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,5726587","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,5733412","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,5738633","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975953, endtime: 975953, seqnum: 0, connid: 0"
"12:26:45,5771917","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,5776344","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,5779153","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,5782768","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975953, endtime: 975954, seqnum: 0, connid: 0"
"12:26:45,5790736","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:45,5799581","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:45,5806783","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:45,5814812","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:45,5820839","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:45,5826862","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:45,5927313","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.009.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,5937758","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.009.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,5943762","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.009.699, Length: 5.840"
"12:26:45,5952597","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.015.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6061698","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,6068928","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975954, endtime: 975954, seqnum: 0, connid: 0"
"12:26:45,6108254","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,6113465","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,6116651","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,6119478","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,6123863","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975954, endtime: 975954, seqnum: 0, connid: 0"
"12:26:45,6315446","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.015.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6323465","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.015.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6330304","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.015.539, Length: 2.920"
"12:26:45,6340305","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.018.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6361419","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:45,6370656","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:45,6379076","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:45,6387515","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:45,6393925","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:45,6397680","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.018.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6401538","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:45,6402854","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,6405676","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.018.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6410099","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975954, endtime: 975954, seqnum: 0, connid: 0"
"12:26:45,6410915","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.018.459, Length: 4.380"
"12:26:45,6419340","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.022.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6446891","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,6452163","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,6455764","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,6460196","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975954, endtime: 975954, seqnum: 0, connid: 0"
"12:26:45,6486712","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,6494325","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975954, endtime: 975954, seqnum: 0, connid: 0"
"12:26:45,6624479","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.022.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6640559","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.022.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6646558","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.022.839, Length: 1.460"
"12:26:45,6655403","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.024.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6715843","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.024.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6723880","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.024.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6734176","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.024.299, Length: 5.840"
"12:26:45,6746193","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.030.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6763594","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,6771211","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975954, endtime: 975954, seqnum: 0, connid: 0"
"12:26:45,6808513","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,6814554","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,6818547","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,6822965","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975954, endtime: 975955, seqnum: 0, connid: 0"
"12:26:45,6971396","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.030.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6983184","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.030.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6989580","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.030.139, Length: 1.460"
"12:26:45,6989748","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:45,6996825","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.031.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,6998971","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:45,7006985","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:45,7013801","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:45,7019805","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:45,7027026","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:45,7043801","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.031.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7051834","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.031.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7059952","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.031.599, Length: 4.380"
"12:26:45,7071586","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.035.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7117028","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.035.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7125028","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.035.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7138212","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.035.979, Length: 1.460"
"12:26:45,7149249","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.037.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7162931","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,7169341","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,7174976","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975955, endtime: 975955, seqnum: 0, connid: 0"
"12:26:45,7212268","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,7217908","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,7221920","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,7227131","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975955, endtime: 975955, seqnum: 0, connid: 0"
"12:26:45,7234297","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.037.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7255163","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.037.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7261969","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.037.439, Length: 1.460"
"12:26:45,7269989","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.038.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7313093","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.038.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7321108","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.038.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7325941","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.038.899, Length: 4.380"
"12:26:45,7335163","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.043.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7493017","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,7501037","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975955, endtime: 975955, seqnum: 0, connid: 0"
"12:26:45,7542359","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,7548382","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,7552776","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,7556419","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,7561626","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975955, endtime: 975955, seqnum: 0, connid: 0"
"12:26:45,7595773","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:45,7607828","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:45,7615455","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:45,7624678","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:45,7632697","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:45,7640315","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:45,7743169","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.043.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7754402","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.043.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7759636","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.043.279, Length: 2.920"
"12:26:45,7768864","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.046.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7825025","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.046.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7834673","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.046.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7834869","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,7841078","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.046.199, Length: 4.380"
"12:26:45,7841344","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975956, endtime: 975956, seqnum: 0, connid: 0"
"12:26:45,7850300","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.050.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7888087","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,7894917","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,7900113","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,7905735","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975956, endtime: 975956, seqnum: 0, connid: 0"
"12:26:45,7933795","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.050.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7941030","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.050.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,7945840","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.050.579, Length: 1.460"
"12:26:45,7953891","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.052.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,8011453","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.052.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,8019071","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.052.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,8024659","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.052.039, Length: 2.920"
"12:26:45,8039671","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.054.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,8080192","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.054.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,8086629","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.054.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,8091812","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.054.959, Length: 2.920"
"12:26:45,8099444","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.057.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:45,8172470","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,8180456","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975956, endtime: 975956, seqnum: 0, connid: 0"
"12:26:45,8220188","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,8226192","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,8230610","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,8234221","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,8239030","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975956, endtime: 975956, seqnum: 0, connid: 0"
"12:26:45,8288558","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:45,8297403","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:45,8305399","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:45,8313833","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:45,8320266","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:45,8330683","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:45,8507967","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,8515973","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975956, endtime: 975956, seqnum: 0, connid: 0"
"12:26:45,8563980","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,8571570","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,8576011","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,8580401","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,8585640","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975956, endtime: 975956, seqnum: 0, connid: 0"
"12:26:45,8616321","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,8636749","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:45,8645202","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:45,8693326","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:45,8800719","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,8806733","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:45,8817560","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:45,8818773","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: ANCI"
"12:26:45,8824800","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:45,8833608","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:45,8844062","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:45,8850742","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,8852067","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:45,8856979","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:45,8860114","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:45,8864616","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975957, endtime: 975957, seqnum: 0, connid: 0"
"12:26:45,8867989","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:45,8880435","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:45,8923768","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,8941029","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:45,8951436","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:45,8989974","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,9003185","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:45,9012039","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:45,9058950","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,9072208","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:45,9082243","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:45,9152862","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,9166908","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: ANCI"
"12:26:45,9172515","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:45,9238884","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,9258113","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: DNCI"
"12:26:45,9264150","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:45,9333168","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,9345974","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:45,9351605","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:45,9367097","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:45,9375531","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:45,9382324","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:45,9389172","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:45,9395190","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:45,9401987","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:45,9414209","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,9425820","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:45,9434240","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:45,9496028","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,9506888","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:45,9512477","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:45,9593112","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,9611179","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:45,9616381","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:45,9699189","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,9714033","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:45,9720858","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:45,9794682","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,9808700","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:45,9815128","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:45,9885733","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,9898986","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:45,9905797","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:45,9917180","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:45,9926827","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:45,9935630","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:45,9944451","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:45,9950880","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:45,9957317","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:45,9975203","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:45,9988461","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:45,9994889","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:46,0015747","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,0030194","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,0053043","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,0071885","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:46,0079107","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,0122841","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,0142914","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:46,0150113","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:46,0171660","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:26:46,0181457","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7100000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:26:46,0194304","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:46,0224790","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,0242839","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:46,0249281","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:46,0293804","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:46,0391242","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,0405274","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: ANCI"
"12:26:46,0410494","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:46,0426952","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,0458044","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:46,0472907","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,0475300","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.024.000, Length: 8.192"
"12:26:46,0528551","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,0542994","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:46,0554615","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:46,0593143","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,0605188","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:46,0614014","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:46,0650933","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,0663743","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:46,0671781","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:46,0736778","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,0749602","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: ANCI"
"12:26:46,0754039","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:46,0812197","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,0818336","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:46,0823043","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: DNCI"
"12:26:46,0826761","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,0829444","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:46,0839226","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:46,0848090","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,0854131","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:46,0860545","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:46,0888022","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,0898873","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:46,0903659","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:46,0972683","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,0983916","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:46,0988716","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:46,1048489","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,1060123","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:46,1066150","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:46,1130737","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,1142801","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:46,1148390","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:46,1206991","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,1218211","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:46,1222629","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:46,1288816","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,1302045","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:46,1307289","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:46,1346069","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:46,1355674","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,1362112","svchost.exe","948","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","REPARSE","Desired Access: Read"
"12:26:46,1369319","svchost.exe","948","RegOpenKey","HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","NAME NOT FOUND","Desired Access: Read"
"12:26:46,1373467","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,1375762","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,1385115","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:46,1389533","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:46,1454507","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,1467770","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:46,1472966","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:46,1489009","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,1501036","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,1523115","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,1548441","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:46,1556447","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,1605802","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,1623870","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:46,1633904","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:46,1642320","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:46,1650344","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,1656208","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:26:46,1656763","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:46,1663583","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,1664259","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7100000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:26:46,1671882","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:46,1674126","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:46,1682980","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:46,1720799","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:26:46,1821782","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,1837433","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: ANCI"
"12:26:46,1842644","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:46,1859508","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,1873788","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:46,1891034","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,1939177","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,1953629","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:46,1963659","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:46,2000172","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,2012198","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:46,2020213","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:46,2061535","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,2073982","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:46,2082024","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:46,2147815","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,2161455","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: ANCI"
"12:26:46,2167072","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:46,2202297","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 303.104, Length: 8.192"
"12:26:46,2213932","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 303.104, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:46,2227241","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,2242481","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: DNCI"
"12:26:46,2246918","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:46,2278001","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:46,2286813","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,2293223","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:46,2300430","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,2303084","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,2305659","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:46,2311673","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:46,2314294","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:46,2319123","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:46,2383705","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,2394934","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:46,2399361","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:46,2477733","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,2491364","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:46,2496579","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:46,2567198","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,2579220","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:46,2590626","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:46,2666068","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,2678911","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:46,2684098","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:46,2743484","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,2754736","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:46,2759541","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:46,2817298","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,2822401","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:46,2828918","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:46,2834829","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,2835351","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:46,2841649","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:46,2850093","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,2856512","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:46,2863346","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:46,2896318","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,2907986","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:46,2912790","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:46,2928815","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,2943286","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,2962519","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,2977797","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:46,2984207","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,3022707","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,3037957","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:46,3048383","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:46,3056416","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:46,3079186","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:46,3087201","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:26:46,3099638","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:46,3387398","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:46,3396229","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,3403026","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:46,3410266","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,3415878","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:46,3422680","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:46,3554209","svchost.exe","884","Thread Create","","SUCCESS","Thread ID: 4000"
"12:26:46,3646879","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:46,3744653","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,3757920","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: DNCI"
"12:26:46,3764349","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:46,3783569","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,3797218","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:46,3808848","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,3849373","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,3862612","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:46,3872661","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:46,3911156","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,3924022","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:46,3934850","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:46,3959304","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:46,3969758","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,3975342","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,3978580","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:46,3988605","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,3989006","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:46,3995821","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:46,3999427","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:46,4003855","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:46,4065647","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,4077683","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: DNCI"
"12:26:46,4082870","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:46,4142666","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,4155490","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: DNCI"
"12:26:46,4161494","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:46,4222895","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,4235728","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:46,4240948","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:46,4300339","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,4311185","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:46,4315980","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:46,4374969","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,4386203","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:46,4390998","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:46,4448769","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,4459602","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:46,4464029","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:46,4517793","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,4528606","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:46,4534223","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:46,4559101","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.810.432, Length: 8.192"
"12:26:46,4575550","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.321.920, Length: 8.192"
"12:26:46,4591593","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,4602840","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:46,4606041","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.326.080, Length: 8.192"
"12:26:46,4607263","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:46,4642759","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:46,4650078","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,4652364","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:46,4656870","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:46,4659184","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:46,4665426","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.744.896, Length: 8.192"
"12:26:46,4669214","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:46,4679253","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:46,4679640","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:46,4681086","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.261.120, Length: 8.192"
"12:26:46,4688891","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:26:46,4691489","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,4698156","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:46,4704575","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,4706469","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:46,4710593","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:46,4714255","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.334.272, Length: 8.192"
"12:26:46,4716881","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:46,4717399","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:46,4723827","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:26:46,4731114","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.334.272, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:46,4773150","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:46,4780372","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,4787220","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:46,4789515","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,4795631","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:46,4802353","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:46,4804042","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:26:46,4807177","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:46,4810899","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:46,4818093","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:46,4823196","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,4823388","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,4824918","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,4832998","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:46,4835661","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,4836538","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:46,4841441","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:46,4844571","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,4851018","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:46,4854904","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:26:46,4859038","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:46,4859597","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,4861734","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:46,4883963","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:46,4890405","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,4939747","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,4955393","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:26:46,4962209","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:26:46,4980771","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:26:46,4994411","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:26:46,5006456","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:26:46,5014083","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:46,5059973","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,5079076","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:46,5087902","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:46,5136829","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:46,5178557","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:46,5278454","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,5290900","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:46,5296106","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:46,5314976","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,5338231","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:46,5349861","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,5389583","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,5401614","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:46,5410440","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:46,5450573","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,5462222","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:46,5470246","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:46,5505550","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,5517148","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:46,5524789","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:46,5533494","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:46,5543911","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,5551953","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:46,5561167","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,5568374","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:46,5576011","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:46,5587794","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,5599018","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:46,5605022","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:46,5666386","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,5666432","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,5674829","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975963, endtime: 975963, seqnum: 0, connid: 0"
"12:26:46,5679261","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:46,5684873","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:46,5725766","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,5732195","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,5737000","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,5741436","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,5745817","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,5749063","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,5751433","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 975963, endtime: 975963, seqnum: 0, connid: 0"
"12:26:46,5761080","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:46,5766296","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:46,5828117","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,5842130","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:46,5846571","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:46,5904739","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,5916766","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:46,5921589","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:46,5980149","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,5991004","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:46,5996598","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:46,6011815","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6019036","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975964, endtime: 975964, seqnum: 0, connid: 0"
"12:26:46,6059188","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,6071597","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6071629","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:46,6078828","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:46,6078837","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6083245","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6087654","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6091283","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6096900","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 975964, endtime: 975964, seqnum: 0, connid: 0"
"12:26:46,6141828","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,6153449","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:46,6157895","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:46,6214453","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,6218199","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:46,6226489","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:46,6228248","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,6232115","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:46,6235903","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:46,6244734","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,6248153","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,6251545","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:46,6258761","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:46,6262181","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,6285865","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,6303937","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:46,6310352","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,6352887","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,6357113","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6362749","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975964, endtime: 975964, seqnum: 0, connid: 0"
"12:26:46,6368911","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:26:46,6376921","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:26:46,6398287","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:26:46,6403246","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6408862","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6412478","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6413121","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:46,6415300","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6420119","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975964, endtime: 975964, seqnum: 0, connid: 0"
"12:26:46,6474112","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:26:46,6698787","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:46,6712008","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6719262","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6726064","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 975964, endtime: 975964, seqnum: 0, connid: 0"
"12:26:46,6772989","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6779007","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6782645","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6786634","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,6789214","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:46,6791859","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975964, endtime: 975965, seqnum: 0, connid: 0"
"12:26:46,6798441","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,6798572","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,6805266","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:46,6812879","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,6814209","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: DNCI"
"12:26:46,6818127","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:46,6820245","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:46,6824136","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:46,6840687","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,6854351","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:46,6865188","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,6903683","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,6915724","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:46,6924970","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:46,6977008","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,6991045","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:46,7001079","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:46,7043601","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,7055912","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7058025","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:46,7064705","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975965, endtime: 975965, seqnum: 0, connid: 0"
"12:26:46,7069277","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:46,7111654","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7118091","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7122896","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7127310","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7133327","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975965, endtime: 975965, seqnum: 0, connid: 0"
"12:26:46,7150718","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:46,7215735","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,7227350","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: DNCI"
"12:26:46,7233373","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:46,7293542","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,7304771","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:46,7309580","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:46,7366344","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 8.192, Length: 8.192"
"12:26:46,7370967","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,7377983","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 8.192, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:46,7382606","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:46,7389427","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:46,7396107","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7403739","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975965, endtime: 975965, seqnum: 0, connid: 0"
"12:26:46,7455893","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7461235","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,7462317","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7466730","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7467043","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:46,7471129","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7474479","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:46,7475155","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7476685","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,7480366","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 975965, endtime: 975965, seqnum: 0, connid: 0"
"12:26:46,7480492","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:46,7484714","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:46,7493125","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,7498345","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:46,7505165","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:46,7547509","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,7560357","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:46,7566748","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:46,7628942","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,7649006","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:46,7655849","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:46,7716812","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,7728829","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:46,7740351","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7740897","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:46,7747563","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975965, endtime: 975965, seqnum: 0, connid: 0"
"12:26:46,7790103","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7796126","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7800530","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7804537","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,7809748","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975965, endtime: 975966, seqnum: 0, connid: 0"
"12:26:46,7824321","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,7839156","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:46,7845202","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:46,7906574","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,7918214","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:46,7923821","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:46,7943479","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,7957115","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,7976787","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,7991897","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:46,7992840","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:46,7998438","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,8002351","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,8011154","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:46,8021184","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,8029213","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:46,8037638","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:46,8045381","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:26:46,8078540","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,8086172","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975966, endtime: 975966, seqnum: 0, connid: 0"
"12:26:46,8142726","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,8149957","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,8154379","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,8158400","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,8162417","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,8169237","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,8174042","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975966, endtime: 975966, seqnum: 0, connid: 0"
"12:26:46,8296839","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:26:46,8306057","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:26:46,8330539","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:46,8337788","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:46,8344991","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:26:46,8367854","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:46,8374301","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:46, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:46,8381112","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:26:46,8417406","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,8425420","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975966, endtime: 975966, seqnum: 0, connid: 0"
"12:26:46,8439294","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:46,8463916","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,8469943","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,8473988","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:46,8479581","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975966, endtime: 975966, seqnum: 0, connid: 0"
"12:26:46,8534446","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:46,8541854","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,8544061","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,8550857","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:46,8556689","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: ANCI"
"12:26:46,8558503","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,8561923","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:46,8564507","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:46,8570936","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:46,8579972","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,8593188","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:46,8604416","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,8643346","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,8656193","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:46,8665416","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:46,8702335","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,8715168","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:46,8724395","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:46,8767733","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,8780977","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:46,8790993","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:46,8864425","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,8877669","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, FileAttributes: ANCI"
"12:26:46,8882474","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:46,8943035","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,8954664","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:46, FileAttributes: DNCI"
"12:26:46,8959101","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:46,9014843","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,9025703","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:46,9032117","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:46,9093084","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,9103226","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:46,9104308","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:46,9108745","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:46,9115845","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,9127885","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:46,9139496","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,9145939","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:46,9152754","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:46,9173737","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,9186160","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:46,9190979","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:46,9252385","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,9264812","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:46,9270018","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:46,9332991","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,9345843","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:46,9350653","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:46,9412044","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,9423264","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:46,9427686","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:46,9493794","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,9514259","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:46,9520673","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:46,9609495","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,9624334","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:46,9631952","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:46,9650430","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,9663273","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,9682498","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,9697762","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:46,9703355","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:46,9703625","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:46,9712428","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:46,9718455","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:46,9725686","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:46,9732903","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:46,9740931","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:46,9746301","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:46,9768376","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:46,9779581","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:46,9786438","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:46,9808359","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:26:46,9817190","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:26:46,9827588","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:46,9841084","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:43, LastWriteTime: 06.10.2013 12:26:43, ChangeTime: 06.10.2013 12:26:43, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:46,9936563","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:47,0036566","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,0051434","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:46, FileAttributes: ANCI"
"12:26:47,0057857","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:47,0075911","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,0088749","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:47,0099572","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:47,0136066","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,0148097","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:47,0156933","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:47,0190661","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,0202277","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:47,0210300","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:47,0246002","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,0257655","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:47,0266061","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:47,0306483","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:47,0315309","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,0322923","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:47,0325862","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,0334679","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:47,0339880","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:46, FileAttributes: ANCI"
"12:26:47,0343500","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:47,0345520","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:47,0352322","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:47,0406893","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,0417734","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:46, FileAttributes: DNCI"
"12:26:47,0422530","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:47,0500291","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,0513516","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:47,0519156","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:47,0588025","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,0606079","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:47,0611710","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:47,0681908","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,0693520","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:47,0697965","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:47,0758550","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,0769377","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:47,0774168","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:47,0829532","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,0840794","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:47,0845603","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:47,0902563","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,0913414","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:47,0918219","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:47,0941576","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:47,0948802","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,0954442","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:47,0960857","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:47,0966063","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:47,0971675","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:47,0980011","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,0991217","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:47,0995639","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:47,1054637","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,1067447","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:47,1073493","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:47,1091122","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,1104361","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:47,1123217","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,1140072","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:47,1146892","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:47,1186200","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,1206287","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:46, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:47,1216307","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:26:47,1223128","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:26:47,1272623","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:26:47,1285447","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:46, FileAttributes: ANCI"
"12:26:47,1327894","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:26:47,1551441","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:47,1556652","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:47,1567507","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,1584315","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:47,1595124","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:47,1600778","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:47,1607197","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:47,1645609","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,1659244","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:46, FileAttributes: DNCI"
"12:26:47,1664866","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:47,1682919","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,1695352","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:47,1706160","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:47,1751999","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,1769240","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:47,1781258","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:47,1820565","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,1834648","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:47,1843451","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:47,1879964","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,1891608","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:47,1900402","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:47,1985034","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:47,2097405","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,2113835","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:46, FileAttributes: DNCI"
"12:26:47,2120678","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:47,2170342","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:47,2183572","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,2190798","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:47,2197292","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,2198043","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:47,2203645","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:47,2208940","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:47,2209677","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:47,2214146","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:47,2284364","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,2298377","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:47,2304031","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:47,2374235","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,2387456","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:47,2393473","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:47,2458867","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,2471328","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:47,2476142","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:26:47,2477336","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:47,2487380","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:26:47,2498580","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:26:47,2509035","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:26:47,2517856","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:26:47,2525866","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:47,2540323","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:26:47,2541512","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,2549149","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:26:47,2553572","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:47,2557985","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:26:47,2560798","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:47,2567608","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:26:47,2576024","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:26:47,2585242","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:26:47,2592487","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:47,2601318","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:47,2608530","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:26:47,2616544","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:47,2624960","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,2626845","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,2638614","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:47,2639804","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:47,2644637","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:47,2649041","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:26:47,2657088","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:26:47,2665900","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:26:47,2675113","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:26:47,2683562","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:26:47,2691991","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:26:47,2699203","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:47,2706817","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,2708020","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:47,2715223","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:26:47,2718456","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:47,2723261","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:47,2724455","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:47,2740032","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,2748867","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:47,2757283","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,2780962","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,2788258","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,2790600","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:47,2798619","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,2800700","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:47,2801082","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:47,2804628","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:47,2807096","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:47,2809941","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,2811863","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,2817554","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:47,2818264","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,2823913","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:47,2825574","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,2826763","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:47,2831904","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,2836812","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:47,2837927","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:47,2839200","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:47,2844374","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,2844831","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:47,2850755","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:26:47,2856796","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,2862026","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:47,2863206","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,2874523","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,2882939","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:47,2887268","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:47,2891751","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,2894499","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:47,2897806","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:47,2905028","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,2911041","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,2917036","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:47,2919368","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:46, FileAttributes: ANCI"
"12:26:47,2922680","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,2931082","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:47,2938327","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,2944722","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:26:47,2950726","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,2955578","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:47,2958685","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,2976430","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,2982444","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:47,2988853","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,2994087","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:47,3000492","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,3005713","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,3012136","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:47,3018527","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,3023374","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:47,3030997","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,3037001","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:26:47,3043826","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,3050231","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:47,3070710","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,3073826","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:47,3079140","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:47,3086767","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,3093956","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:26:47,3100006","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,3132493","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,3138912","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:47,3146110","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,3152562","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:47,3160185","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,3167005","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,3174222","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:47,3181042","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,3186659","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:47,3190577","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:47,3192681","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,3195391","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:47, LastWriteTime: 06.10.2013 12:26:47, ChangeTime: 06.10.2013 12:26:47, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:26:47,3197887","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:26:47,3203495","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:47,3207926","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:47,3243212","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:47,3250047","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:46, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:47,3264895","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:26:47,3309745","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:47,3317377","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,3323394","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:47,3333018","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:47,3339027","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:47,3345063","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:47,3881422","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:47,3889842","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,3896238","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:47,3903063","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:47,3908301","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:47,3914305","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:47,4169812","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.057.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4179021","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.057.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4185034","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.057.879, Length: 1.460"
"12:26:47,4193883","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.059.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4283507","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.059.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4292319","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.061.056, EndOfFile: 406.059.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4305540","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.059.339, Length: 4.380, Priority: Normal"
"12:26:47,4377358","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","END OF FILE","Offset: 406.061.056, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:47,4391824","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.063.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4398649","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.063.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4405460","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.063.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4411067","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.063.719, Length: 1.460"
"12:26:47,4418676","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.065.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4439537","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:47,4446810","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.065.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4448769","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,4456005","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:47,4456028","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.065.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4461631","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.065.179, Length: 2.920"
"12:26:47,4464840","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:47,4468045","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.068.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4471633","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:47,4478868","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:47,4501997","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.068.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4508813","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.068.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4513641","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.068.099, Length: 2.920"
"12:26:47,4520452","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.071.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4586919","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.071.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4594164","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.071.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4599342","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.071.019, Length: 1.460"
"12:26:47,4605388","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.072.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4643267","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:47,4651272","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:47,4657715","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:47,4663467","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.072.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4672932","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:47,4674285","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.072.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4680317","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.072.479, Length: 1.460"
"12:26:47,4688732","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.073.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4689423","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:47,4746089","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.073.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4753324","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.073.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4758549","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.073.939, Length: 4.380"
"12:26:47,4766176","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.078.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4838582","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.078.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4848579","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.078.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4855417","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.078.319, Length: 1.460"
"12:26:47,4863455","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.079.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4883697","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 721.408, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:47,4929568","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 705.024, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:47,4940540","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.079.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4951372","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.079.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4951591","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 606.208, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:47,4957800","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.079.779, Length: 1.460"
"12:26:47,4969421","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.081.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,4971427","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 589.824, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:47,5012166","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:47,5019868","Windows7FirewallService.exe","2128","CreateFile","C:\SystemRoot\System32\smss.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:47,5021370","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,5033033","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:47,5041458","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.081.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5044238","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:47,5050275","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.081.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5051483","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:47,5055513","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.081.239, Length: 7.300"
"12:26:47,5057911","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:47,5063948","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.088.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5106306","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.088.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5113942","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.088.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5119144","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.088.539, Length: 1.460"
"12:26:47,5122223","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\csrss.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,5128385","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.089.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5174653","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\csrss.exe","SUCCESS","CreationTime: 14.07.2009 01:19:49, LastAccessTime: 14.07.2009 01:19:49, LastWriteTime: 14.07.2009 03:39:02, ChangeTime: 11.05.2013 14:06:59, FileAttributes: A"
"12:26:47,5183470","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\csrss.exe","SUCCESS",""
"12:26:47,5207163","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,5222399","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:47,5244604","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:47,5299157","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,5315984","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:47,5331247","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:47,5351932","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.089.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5365568","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.089.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5372397","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.089.999, Length: 7.300"
"12:26:47,5381205","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.097.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5396501","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,5414569","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\csrss.exe","SUCCESS","Filter: csrss.exe, 1: csrss.exe"
"12:26:47,5433812","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:47,5458817","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.097.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5466043","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.097.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5471272","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.097.299, Length: 1.460"
"12:26:47,5487753","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.098.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5534021","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wininit.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,5564917","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.098.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5572545","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.098.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5578138","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.098.759, Length: 5.840"
"12:26:47,5586563","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.104.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5605437","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wininit.exe","SUCCESS","CreationTime: 14.07.2009 01:52:37, LastAccessTime: 14.07.2009 01:52:37, LastWriteTime: 14.07.2009 03:39:52, ChangeTime: 06.09.2013 09:34:00, FileAttributes: A"
"12:26:47,5614637","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wininit.exe","SUCCESS",""
"12:26:47,5643117","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,5646760","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.104.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5656790","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.104.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5660405","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:47,5666012","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.104.599, Length: 2.920"
"12:26:47,5674050","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:47,5674456","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.107.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5718956","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,5735815","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:47,5741394","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.107.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5742085","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:47,5748238","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:47,5749404","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.107.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5753700","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,5755007","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.107.519, Length: 4.380"
"12:26:47,5760922","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:47,5763828","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.111.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5769384","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:47,5776587","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:47,5783794","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:47,5794011","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,5810833","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wininit.exe","SUCCESS","Filter: wininit.exe, 1: wininit.exe"
"12:26:47,5830482","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:47,5846543","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.111.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5852580","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.111.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5858164","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.111.899, Length: 1.460"
"12:26:47,5865390","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.113.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5925302","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\csrss.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,5926646","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.113.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5938280","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.113.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5943925","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.113.359, Length: 1.460"
"12:26:47,5952331","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.114.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,5967012","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\csrss.exe","SUCCESS","CreationTime: 14.07.2009 01:19:49, LastAccessTime: 14.07.2009 01:19:49, LastWriteTime: 14.07.2009 03:39:02, ChangeTime: 11.05.2013 14:06:59, FileAttributes: A"
"12:26:47,5975461","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\csrss.exe","SUCCESS",""
"12:26:47,6000325","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,6006175","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.114.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6013802","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.114.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6015976","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:47,6019046","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.114.819, Length: 1.460"
"12:26:47,6026248","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.116.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6029584","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:47,6066148","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6074135","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,6074960","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975974, endtime: 975974, seqnum: 0, connid: 0"
"12:26:47,6090196","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:47,6092235","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.116.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6101033","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.116.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6103025","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:47,6110251","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.116.279, Length: 4.380"
"12:26:47,6125492","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.120.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6133110","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6139155","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6143139","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6146363","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6149591","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6156015","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6159196","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,6160792","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.120.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6161211","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975974, endtime: 975974, seqnum: 0, connid: 0"
"12:26:47,6167621","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.120.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6172841","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.120.659, Length: 1.460"
"12:26:47,6180095","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.122.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6182717","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\csrss.exe","SUCCESS","Filter: csrss.exe, 1: csrss.exe"
"12:26:47,6200789","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:47,6278741","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.122.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6285972","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.122.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6291575","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.122.119, Length: 2.920"
"12:26:47,6299594","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.125.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6310860","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:47,6311980","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\services.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,6318874","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,6325280","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:47,6334120","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:47,6339727","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:47,6346137","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:47,6367549","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\services.exe","SUCCESS","CreationTime: 14.07.2009 01:19:46, LastAccessTime: 14.07.2009 01:19:46, LastWriteTime: 14.07.2009 03:39:37, ChangeTime: 11.05.2013 14:07:38, FileAttributes: A"
"12:26:47,6376249","firefox.exe","6744","ReadFile","C:\Windows\System32\wow64.dll","SUCCESS","Offset: 193.536, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:47,6379995","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\services.exe","SUCCESS",""
"12:26:47,6406912","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,6412109","firefox.exe","6744","Thread Exit","","SUCCESS","Thread ID: 9364, User Time: 0.0156001, Kernel Time: 0.0000000"
"12:26:47,6424122","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.125.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6424947","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:47,6431767","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.126.592, EndOfFile: 406.125.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6441429","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:47,6443402","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.125.039, Length: 4.380, Priority: Normal"
"12:26:47,6448855","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6457658","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975974, endtime: 975974, seqnum: 0, connid: 0"
"12:26:47,6489012","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,6491013","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.129.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6510797","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:47,6522670","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6525641","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:47,6530684","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6535116","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6539132","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6543121","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6550361","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6556360","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975974, endtime: 975974, seqnum: 0, connid: 0"
"12:26:47,6576466","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.129.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6585265","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.129.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6586062","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,6594940","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.129.419, Length: 1.460"
"12:26:47,6604158","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.130.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6604531","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\services.exe","SUCCESS","Filter: services.exe, 1: services.exe"
"12:26:47,6618596","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:47,6684368","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.130.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6691995","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.130.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6698008","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.130.879, Length: 2.920"
"12:26:47,6705645","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.133.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6714686","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\lsass.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,6768818","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\lsass.exe","SUCCESS","CreationTime: 11.05.2013 14:10:27, LastAccessTime: 11.05.2013 14:10:27, LastWriteTime: 17.11.2011 08:33:55, ChangeTime: 11.05.2013 14:55:06, FileAttributes: A"
"12:26:47,6772774","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.133.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6778438","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\lsass.exe","SUCCESS",""
"12:26:47,6780014","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.133.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6786018","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.133.799, Length: 2.920"
"12:26:47,6800755","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.136.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6804529","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,6821379","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:47,6841466","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:47,6849919","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.136.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6856740","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.136.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6862328","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.136.719, Length: 1.460"
"12:26:47,6867856","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6869181","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.138.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6875451","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6880279","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:47,6886306","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975975, endtime: 975975, seqnum: 0, connid: 0"
"12:26:47,6911068","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,6944759","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.138.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6945309","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:47,6949699","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6952391","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.138.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6956095","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6958007","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.138.179, Length: 4.380"
"12:26:47,6960540","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6962565","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:47,6965317","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6966040","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.142.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,6969357","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,6978165","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:47,6983795","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 975975, endtime: 975975, seqnum: 0, connid: 0"
"12:26:47,7001732","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.548.288, Length: 8.192"
"12:26:47,7013791","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.548.288, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:47,7022748","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,7044394","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\lsass.exe","SUCCESS","Filter: lsass.exe, 1: lsass.exe"
"12:26:47,7058053","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:47,7060446","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:47,7068843","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,7076069","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:47,7076195","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.142.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,7084107","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:47,7084625","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.142.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,7091333","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:47,7091436","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.142.559, Length: 4.380"
"12:26:47,7099763","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:47,7106163","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.146.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,7148731","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\lsm.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,7165922","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.146.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,7173549","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.146.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,7179166","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.146.939, Length: 1.460"
"12:26:47,7187992","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.148.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,7190455","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\lsm.exe","SUCCESS","CreationTime: 21.11.2010 05:23:53, LastAccessTime: 21.11.2010 05:23:53, LastWriteTime: 21.11.2010 05:23:53, ChangeTime: 11.05.2013 14:07:12, FileAttributes: A"
"12:26:47,7198889","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\lsm.exe","SUCCESS",""
"12:26:47,7223740","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,7241798","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:47,7249024","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.148.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,7255429","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:47,7258648","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.148.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,7265016","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7270530","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.148.399, Length: 2.920"
"12:26:47,7271444","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7276258","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:47,7281894","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975975, endtime: 975975, seqnum: 0, connid: 0"
"12:26:47,7282174","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.151.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,7317614","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,7323636","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.151.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,7331254","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.151.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,7335247","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:47,7337276","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.151.319, Length: 1.460"
"12:26:47,7345314","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.152.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,7347693","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:47,7349555","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7356398","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7361199","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7365220","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7368821","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7375655","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:47,7380451","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 975975, endtime: 975975, seqnum: 0, connid: 0"
"12:26:47,7395444","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,7412294","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\lsm.exe","SUCCESS","Filter: lsm.exe, 1: lsm.exe"
"12:26:47,7424736","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:47,7509774","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,7549478","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:26:47,7558304","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:26:47,7582002","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,7598022","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:47,7610067","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:47,7654996","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,7657575","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:47,7663836","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7666793","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,7671039","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7671062","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:47,7674047","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:47,7675876","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:47,7681875","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975975, endtime: 975975, seqnum: 0, connid: 0"
"12:26:47,7682869","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:47,7684315","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:47,7693323","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:47,7703428","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:47,7745151","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,7754071","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7759324","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7763322","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7764003","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:26:47,7767319","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7770953","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7778180","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:47,7783372","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 975975, endtime: 975976, seqnum: 0, connid: 0"
"12:26:47,7785233","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:47,7818681","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7823477","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7826714","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,7831501","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975976, endtime: 975976, seqnum: 0, connid: 0"
"12:26:47,7894025","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,7939938","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:26:47,7951736","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:26:47,7976209","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,7981392","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.152.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,7990600","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.152.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,7992266","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:47,7997840","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.152.779, Length: 1.460"
"12:26:47,8006331","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:47,8006657","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.154.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8030122","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,8036919","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975976, endtime: 975976, seqnum: 0, connid: 0"
"12:26:47,8060137","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.154.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8066948","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.154.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8072158","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.154.239, Length: 7.300"
"12:26:47,8087198","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.161.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8098306","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,8103927","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,8107962","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,8112352","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,8116378","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,8117414","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,8122806","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,8127994","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975976, endtime: 975976, seqnum: 0, connid: 0"
"12:26:47,8138476","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.161.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8144895","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.161.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8150111","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.161.539, Length: 1.460"
"12:26:47,8157318","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:47,8158106","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.162.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8165309","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,8170926","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,8174532","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:47,8177359","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:47,8179360","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975976, endtime: 975976, seqnum: 0, connid: 0"
"12:26:47,8210681","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.162.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8217095","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.162.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8221924","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.162.999, Length: 1.460"
"12:26:47,8229532","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.164.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8236852","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,8254887","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:26:47,8269329","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:47,8294936","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:47,8297758","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.164.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8302945","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,8304172","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.164.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8308973","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:47,8309369","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.164.459, Length: 7.300"
"12:26:47,8315802","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:47,8317813","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.171.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8321013","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:47,8327432","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:47,8360399","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\atiesrxx.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,8362947","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.171.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8370555","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.171.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8376564","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.171.759, Length: 1.460"
"12:26:47,8384196","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.173.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8399744","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\atiesrxx.exe","SUCCESS","CreationTime: 29.09.2011 11:50:12, LastAccessTime: 11.05.2013 13:23:48, LastWriteTime: 29.09.2011 11:50:12, ChangeTime: 22.09.2013 09:54:10, FileAttributes: A"
"12:26:47,8408547","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\atiesrxx.exe","SUCCESS",""
"12:26:47,8432063","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.173.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8440502","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,8441305","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.173.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8447322","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.173.219, Length: 3.472"
"12:26:47,8456144","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.176.691, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8461373","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:47,8474608","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:47,8496659","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.176.691, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8502705","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.176.691, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8507907","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.176.691, Length: 2.920"
"12:26:47,8514732","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.179.611, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8523166","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,8543617","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:47,8558438","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:47,8581105","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.179.611, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8589110","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.179.611, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8594331","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.179.611, Length: 5.288"
"12:26:47,8602756","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.184.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8610206","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,8631772","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\atiesrxx.exe","SUCCESS","Filter: atiesrxx.exe, 1: atiesrxx.exe"
"12:26:47,8654089","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:47,8665570","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.184.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8672787","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.184.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8678011","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.184.899, Length: 2.920"
"12:26:47,8685639","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.187.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8727624","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.187.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8736030","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.187.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8741651","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.187.819, Length: 552"
"12:26:47,8748859","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.188.371, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8781766","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\winlogon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,8807600","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:47,8816021","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:47,8823639","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:47,8830300","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\winlogon.exe","SUCCESS","CreationTime: 21.11.2010 05:24:29, LastAccessTime: 21.11.2010 05:24:29, LastWriteTime: 21.11.2010 05:24:29, ChangeTime: 11.05.2013 14:07:46, FileAttributes: A"
"12:26:47,8831023","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.188.371, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8832479","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:47,8839276","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:47,8841128","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\winlogon.exe","SUCCESS",""
"12:26:47,8846492","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:47,8852114","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.192.128, EndOfFile: 406.188.371, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8864177","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.188.371, Length: 8.208, Priority: Normal"
"12:26:47,8877407","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,8908686","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:47,8913127","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.196.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8920321","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.196.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8922327","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:47,8928587","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.196.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8935445","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.196.579, Length: 2.920"
"12:26:47,8942661","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.199.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,8969700","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,8986550","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:47,8999789","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.199.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,9000181","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:47,9007398","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.199.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,9012608","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.199.499, Length: 552"
"12:26:47,9019419","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.200.051, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,9048324","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,9064376","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\winlogon.exe","SUCCESS","Filter: winlogon.exe, 1: winlogon.exe"
"12:26:47,9076552","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.200.051, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,9077620","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:47,9088303","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.200.051, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,9097138","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.200.051, Length: 5.840"
"12:26:47,9107868","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.205.891, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,9164440","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,9169240","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.205.891, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,9180959","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.205.891, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,9188591","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.205.891, Length: 2.368"
"12:26:47,9198616","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.208.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,9208954","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:26:47,9217794","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:26:47,9236720","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.208.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,9249595","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.208.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,9255991","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.208.259, Length: 4.380"
"12:26:47,9259354","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,9266445","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.212.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:47,9277786","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:47,9291832","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:47,9342802","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,9344416","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.597.440, Length: 8.192"
"12:26:47,9359246","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.949.120, Length: 8.192"
"12:26:47,9360449","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:26:47,9370078","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.949.120, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:47,9373297","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:47,9418603","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,9431726","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 434.176, Length: 8.192"
"12:26:47,9436666","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:26:47,9451123","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:47,9455788","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.244.032, Length: 8.192"
"12:26:47,9484258","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.286.144, Length: 8.192"
"12:26:47,9506319","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 270.336, Length: 8.192"
"12:26:47,9543415","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,9550063","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.925.120, Length: 8.192"
"12:26:47,9562500","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 3.039.232, Length: 8.192"
"12:26:47,9570538","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 3.039.232, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:47,9584724","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:26:47,9594754","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:26:47,9620826","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,9641292","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:47,9654923","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:47,9702273","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,9719141","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:26:47,9738650","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:47,9758948","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.892.352, Length: 8.192"
"12:26:47,9795213","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,9812040","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:26:47,9826119","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:47,9921182","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:47,9950115","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 131.072, Length: 8.192"
"12:26:47,9964516","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:26:47,9972530","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:26:47,9995416","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,0005316","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.212.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0012266","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:48,0012948","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.212.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0018177","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.212.639, Length: 1.460"
"12:26:48,0025081","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:48,0026597","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.214.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0069254","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.728.512, Length: 8.192"
"12:26:48,0079680","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.214.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0081136","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,0087713","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.214.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0092910","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.214.099, Length: 2.920"
"12:26:48,0100132","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.217.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0100421","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:48,0101764","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.236.416, Length: 8.192"
"12:26:48,0114864","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:48,0168091","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.217.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0171567","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.031.616, Length: 8.192"
"12:26:48,0176087","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.217.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0181335","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.217.019, Length: 4.380"
"12:26:48,0181741","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,0190138","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.221.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0198969","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:26:48,0211816","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:48,0212913","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.407.296, Length: 8.192"
"12:26:48,0218249","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.221.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0225858","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.221.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0239881","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.221.399, Length: 1.460"
"12:26:48,0247130","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.222.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0288444","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.222.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0294844","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.222.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0299285","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.222.859, Length: 2.920"
"12:26:48,0306516","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.225.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0308223","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,0326044","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.957.888, Length: 8.192"
"12:26:48,0358913","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.225.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0361082","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:26:48,0366545","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.225.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0370179","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.252.224, Length: 8.192"
"12:26:48,0371775","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.225.779, Length: 1.460"
"12:26:48,0376034","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:26:48,0379383","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.227.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,0403735","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,0421779","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:48,0435825","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:48,0483282","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.121.728, Length: 8.192"
"12:26:48,0491632","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,0511795","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.015.808, Length: 8.192"
"12:26:48,0514873","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:48,0534966","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:48,0598447","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.415.488, Length: 8.192"
"12:26:48,0601134","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,0622411","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:26:48,0639644","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:48,0665838","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.220.608, Length: 8.192"
"12:26:48,0689914","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.268.608, Length: 8.192"
"12:26:48,0756539","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 884.736, Length: 8.192"
"12:26:48,0822204","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM\stacsv64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,0897212","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\IDT\WDM\stacsv64.exe","SUCCESS","CreationTime: 22.07.2013 21:33:32, LastAccessTime: 22.07.2013 21:33:32, LastWriteTime: 16.05.2013 03:14:56, ChangeTime: 22.07.2013 21:33:32, FileAttributes: N"
"12:26:48,0899363","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.423.680, Length: 8.192"
"12:26:48,0906477","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM\stacsv64.exe","SUCCESS",""
"12:26:48,0969576","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,0970359","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.105.920, Length: 8.192"
"12:26:48,0989612","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT","SUCCESS","Filter: IDT, 1: IDT"
"12:26:48,1004055","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:26:48,1033328","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.785.856, Length: 8.192"
"12:26:48,1059447","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,1074687","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.284.992, Length: 8.192"
"12:26:48,1077482","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM","SUCCESS","Filter: WDM, 1: WDM"
"12:26:48,1091108","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT","SUCCESS",""
"12:26:48,1153125","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,1169177","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM\STacSV64.exe","SUCCESS","Filter: STacSV64.exe, 1: stacsv64.exe"
"12:26:48,1181600","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM","SUCCESS",""
"12:26:48,1263844","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,1300739","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:26:48,1309178","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:26:48,1327824","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:48,1332457","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,1335862","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,1342682","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:48,1348891","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:48,1350305","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:48,1356304","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:48,1362140","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:48,1362331","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:48,1407078","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,1422710","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:48,1443801","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:48,1500770","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,1516831","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:26:48,1531265","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:48,1613901","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\hpservice.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,1631572","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\hpservice.exe","SUCCESS","CreationTime: 25.04.2012 14:02:52, LastAccessTime: 11.05.2013 13:48:04, LastWriteTime: 25.04.2012 14:02:52, ChangeTime: 11.05.2013 13:48:05, FileAttributes: A"
"12:26:48,1640384","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\hpservice.exe","SUCCESS",""
"12:26:48,1662855","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,1677279","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:48,1688130","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:48,1727447","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,1742272","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:48,1753515","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:48,1841800","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,1885124","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS","CreationTime: 16.12.2012 13:25:38, LastAccessTime: 13.05.2013 10:47:49, LastWriteTime: 16.12.2012 13:25:38, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:26:48,1893553","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS",""
"12:26:48,1936485","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,1950532","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS","Filter: SbieSvc.exe, 1: SbieSvc.exe"
"12:26:48,1960963","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie","SUCCESS",""
"12:26:48,2095338","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,2110187","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe","SUCCESS","CreationTime: 03.08.2013 09:34:58, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 03.08.2013 09:34:58, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:26:48,2116606","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe","SUCCESS",""
"12:26:48,2157126","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,2171186","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:26:48,2181622","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:26:48,2258230","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\atieclxx.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,2292355","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\atieclxx.exe","SUCCESS","CreationTime: 29.09.2011 11:50:36, LastAccessTime: 11.05.2013 13:23:48, LastWriteTime: 29.09.2011 11:50:36, ChangeTime: 22.09.2013 09:54:10, FileAttributes: A"
"12:26:48,2299166","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\atieclxx.exe","SUCCESS",""
"12:26:48,2322029","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,2340488","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:48,2352104","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:48,2393431","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,2407072","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:48,2417120","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:48,2457216","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,2470483","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\atieclxx.exe","SUCCESS","Filter: atieclxx.exe, 1: atieclxx.exe"
"12:26:48,2481315","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:48,2555909","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,2590420","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:26:48,2596849","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:26:48,2615681","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,2629732","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:48,2642169","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:48,2684322","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,2699535","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:48,2711589","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:48,2773909","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,2790344","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:26:48,2802799","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:48,2862035","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:48,2870852","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,2877294","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:48,2885318","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:48,2890534","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:48,2896547","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:48,2904365","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wlanext.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,2958624","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wlanext.exe","SUCCESS","CreationTime: 14.07.2009 02:07:15, LastAccessTime: 14.07.2009 02:07:15, LastWriteTime: 14.07.2009 03:39:54, ChangeTime: 11.05.2013 14:07:46, FileAttributes: A"
"12:26:48,2970235","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wlanext.exe","SUCCESS",""
"12:26:48,2994736","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,3010387","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:48,3023216","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:48,3071368","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,3087803","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:48,3101033","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:48,3159074","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,3180338","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\WLANExt.exe","SUCCESS","Filter: WLANExt.exe, 1: wlanext.exe"
"12:26:48,3196371","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:48,3298455","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\conhost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,3348576","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\conhost.exe","SUCCESS","CreationTime: 12.09.2013 20:28:20, LastAccessTime: 12.09.2013 20:28:20, LastWriteTime: 02.08.2013 03:09:17, ChangeTime: 12.09.2013 21:03:53, FileAttributes: A"
"12:26:48,3358237","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\conhost.exe","SUCCESS",""
"12:26:48,3383904","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,3400768","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:48,3413601","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:48,3434860","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.326.528, Length: 8.192"
"12:26:48,3450893","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.326.528, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:48,3460914","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,3477391","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:48,3489021","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:48,3499092","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:48,3509915","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,3517934","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:48,3525986","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:48,3535605","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:48,3539496","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,3542799","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:48,3560754","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\conhost.exe","SUCCESS","Filter: conhost.exe, 1: conhost.exe"
"12:26:48,3576391","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:48,3670251","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\spoolsv.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,3707580","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\spoolsv.exe","SUCCESS","CreationTime: 11.05.2013 14:07:36, LastAccessTime: 11.05.2013 14:07:36, LastWriteTime: 11.02.2012 08:36:02, ChangeTime: 11.05.2013 14:55:02, FileAttributes: A"
"12:26:48,3717918","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\spoolsv.exe","SUCCESS",""
"12:26:48,3751613","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,3769662","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:48,3782911","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:48,3832267","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,3848300","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:26:48,3859547","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:48,3901262","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,3915294","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\spoolsv.exe","SUCCESS","Filter: spoolsv.exe, 1: spoolsv.exe"
"12:26:48,3926140","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:48,4007153","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,4044463","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:26:48,4053322","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:26:48,4071441","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:48,4076195","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,4080664","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,4086719","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:48,4090232","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:48,4094323","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:48,4099930","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:48,4102897","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:48,4105948","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:48,4163892","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,4180327","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:48,4192348","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:48,4234478","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,4250134","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:26:48,4263359","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:48,4379863","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,4398308","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:46:52, ChangeTime: 05.08.2013 09:19:04, FileAttributes: ANCI"
"12:26:48,4405940","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS",""
"12:26:48,4615366","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,4632188","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:48,4638766","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:48,4641830","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,4646398","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:48,4650246","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:48,4653605","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:48,4658293","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:48,4664311","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:48,4665487","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:48,4673534","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:48,4675148","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:48,4709240","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS","CreationTime: 10.05.2013 00:57:24, LastAccessTime: 30.06.2013 18:43:15, LastWriteTime: 10.05.2013 00:57:24, ChangeTime: 30.06.2013 18:43:15, FileAttributes: A"
"12:26:48,4716881","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS",""
"12:26:48,4762995","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,4780666","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe","SUCCESS","Filter: Adobe, 1: Adobe"
"12:26:48,4794693","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files","SUCCESS",""
"12:26:48,4848467","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,4864519","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe\ARM","SUCCESS","Filter: ARM, 1: ARM"
"12:26:48,4882297","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe","SUCCESS",""
"12:26:48,4939658","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe\ARM","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,4956928","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0","SUCCESS","Filter: 1.0, 1: 1.0"
"12:26:48,4968166","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe\ARM","SUCCESS",""
"12:26:48,5009073","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,5023922","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS","Filter: armsvc.exe, 1: armsvc.exe"
"12:26:48,5049841","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0","SUCCESS",""
"12:26:48,5184557","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.083.776, Length: 8.192"
"12:26:48,5195771","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.083.776, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:48,5212477","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Intel\iCLS Client\HeciServer.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,5243457","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Intel\iCLS Client\HeciServer.exe","SUCCESS","CreationTime: 13.02.2013 12:46:48, LastAccessTime: 11.05.2013 13:22:57, LastWriteTime: 13.02.2013 12:46:48, ChangeTime: 15.05.2013 16:19:51, FileAttributes: ANCI"
"12:26:48,5245085","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,5255507","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:48,5256197","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Intel\iCLS Client\HeciServer.exe","SUCCESS",""
"12:26:48,5267542","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:48,5277591","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:26:48,5285176","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:48,5291996","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,5298821","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:48,5305161","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,5306849","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:48,5314892","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:26:48,5320807","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:26:48,5322104","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:48,5331341","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,5335637","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:26:48,5338534","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:48,5348862","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:48,5353005","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:48,5356480","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:26:48,5363427","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,5368236","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:48,5375863","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,5376064","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:48,5382273","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:48,5386500","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:48,5388692","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:48,5393688","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:48,5395526","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:26:48,5400919","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:48,5401152","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:48,5473245","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,5489717","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe","SUCCESS","CreationTime: 03.08.2013 09:35:05, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 03.08.2013 09:35:05, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:26:48,5496939","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe","SUCCESS",""
"12:26:48,5540258","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,5555513","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:26:48,5567152","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:26:48,5718774","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,5789397","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS","CreationTime: 25.07.2012 10:46:42, LastAccessTime: 15.06.2013 07:13:50, LastWriteTime: 25.07.2012 10:46:42, ChangeTime: 15.06.2013 07:13:50, FileAttributes: ANCI"
"12:26:48,5800127","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS",""
"12:26:48,5866957","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,5888202","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Secunia","SUCCESS","Filter: Secunia, 1: Secunia"
"12:26:48,5903050","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:26:48,5955630","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Secunia","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,5972092","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Secunia\PSI","SUCCESS","Filter: PSI, 1: PSI"
"12:26:48,5982911","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Secunia","SUCCESS",""
"12:26:48,6023039","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Secunia\PSI","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,6038265","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS","Filter: sua.exe, 1: sua.exe"
"12:26:48,6048720","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Secunia\PSI","SUCCESS",""
"12:26:48,6123602","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:48,6127735","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\taskhost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,6132442","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,6139230","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:48,6146465","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:48,6152903","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:48,6158898","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:48,6165447","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\taskhost.exe","SUCCESS","CreationTime: 11.05.2013 14:09:45, LastAccessTime: 11.05.2013 14:09:45, LastWriteTime: 23.11.2012 05:13:57, ChangeTime: 11.05.2013 14:55:03, FileAttributes: A"
"12:26:48,6172669","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\taskhost.exe","SUCCESS",""
"12:26:48,6194347","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,6209172","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:48,6221222","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:48,6283150","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,6301231","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:48,6314849","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:48,6359810","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,6376660","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\taskhost.exe","SUCCESS","Filter: taskhost.exe, 1: taskhost.exe"
"12:26:48,6389871","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:48,6525902","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,6591273","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS","CreationTime: 03.08.2013 09:35:27, LastAccessTime: 03.08.2013 09:36:29, LastWriteTime: 03.08.2013 09:35:27, ChangeTime: 03.08.2013 09:36:29, FileAttributes: A"
"12:26:48,6600528","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS",""
"12:26:48,6645429","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,6661094","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:26:48,6673914","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:26:48,6699618","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:48,6709251","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,6717671","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:48,6727682","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:48,6735310","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:48,6743301","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,6743753","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:48,6766579","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS","Filter: ALsvc.exe, 1: ALsvc.exe"
"12:26:48,6766999","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,6775825","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975984, endtime: 975985, seqnum: 0, connid: 0"
"12:26:48,6782645","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS",""
"12:26:48,6845226","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,6851659","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,6856054","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,6860075","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,6864465","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,6872087","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,6876930","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975985, endtime: 975985, seqnum: 0, connid: 0"
"12:26:48,6915033","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,6920673","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,6922008","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\dwm.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,6925077","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,6930675","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975985, endtime: 975985, seqnum: 0, connid: 0"
"12:26:48,6970636","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\dwm.exe","SUCCESS","CreationTime: 14.07.2009 01:37:38, LastAccessTime: 14.07.2009 01:37:38, LastWriteTime: 14.07.2009 03:39:08, ChangeTime: 11.05.2013 14:07:03, FileAttributes: A"
"12:26:48,6980273","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\dwm.exe","SUCCESS",""
"12:26:48,6997277","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.227.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7007298","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.227.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7007531","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,7012938","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.227.239, Length: 1.460"
"12:26:48,7024554","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.228.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7025169","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:48,7058118","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:48,7092621","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.228.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7099455","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.228.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7105874","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.228.699, Length: 4.380"
"12:26:48,7113879","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.233.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7123288","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,7150835","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:48,7159778","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7167405","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975985, endtime: 975985, seqnum: 0, connid: 0"
"12:26:48,7177029","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:48,7178139","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.233.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7184946","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.233.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7190562","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.233.079, Length: 4.380"
"12:26:48,7199398","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.237.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7237996","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7244835","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7246622","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,7249621","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7253652","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7258060","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7265277","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7270511","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975985, endtime: 975985, seqnum: 0, connid: 0"
"12:26:48,7277490","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\Dwm.exe","SUCCESS","Filter: Dwm.exe, 1: dwm.exe"
"12:26:48,7284711","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.237.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7293113","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.237.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7298342","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.237.459, Length: 4.380"
"12:26:48,7303152","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:48,7306362","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.241.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7313830","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7319452","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7323860","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7328268","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7333876","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975985, endtime: 975985, seqnum: 0, connid: 0"
"12:26:48,7417207","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\explorer.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,7464575","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\explorer.exe","SUCCESS","CreationTime: 11.05.2013 14:10:50, LastAccessTime: 11.05.2013 17:21:33, LastWriteTime: 25.02.2011 08:19:30, ChangeTime: 12.05.2013 08:15:45, FileAttributes: A"
"12:26:48,7475664","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\explorer.exe","SUCCESS",""
"12:26:48,7480487","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:48,7489337","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,7494235","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.241.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7496959","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:48,7501872","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.241.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7506173","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:48,7507498","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.241.839, Length: 1.460"
"12:26:48,7508585","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,7512596","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:48,7515489","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.243.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7520191","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:48,7558547","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7561150","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.243.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7565381","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975985, endtime: 975985, seqnum: 0, connid: 0"
"12:26:48,7567601","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.243.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7572784","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.243.299, Length: 7.300"
"12:26:48,7577725","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:48,7580430","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.250.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7604730","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:48,7630756","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7636378","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7640413","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7644429","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7648810","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7655653","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7660883","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975985, endtime: 975985, seqnum: 0, connid: 0"
"12:26:48,7662474","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,7673105","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.250.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7680322","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.250.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7685943","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.250.599, Length: 1.460"
"12:26:48,7687618","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\Explorer.EXE","SUCCESS","Filter: Explorer.EXE, 1: explorer.exe"
"12:26:48,7693570","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.252.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7701389","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7702079","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:48,7706618","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7710598","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7715421","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975985, endtime: 975985, seqnum: 0, connid: 0"
"12:26:48,7782504","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.252.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7790934","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.252.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7796933","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.252.059, Length: 2.920"
"12:26:48,7805386","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.254.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7850804","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.254.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7858418","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.254.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7863624","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.254.979, Length: 2.920"
"12:26:48,7871652","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.257.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,7894772","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,7916063","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe","SUCCESS","CreationTime: 12.11.2012 18:00:09, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 12.11.2012 18:00:09, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:26:48,7918713","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7925678","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe","SUCCESS",""
"12:26:48,7927133","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975986, endtime: 975986, seqnum: 0, connid: 0"
"12:26:48,7972057","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7978900","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7984102","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7987074","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,7988515","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,7994127","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975986, endtime: 975986, seqnum: 0, connid: 0"
"12:26:48,8009111","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:26:48,8023955","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:26:48,8064065","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8070507","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8074911","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8078909","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8082533","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8089760","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8092857","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:48,8095348","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975986, endtime: 975986, seqnum: 0, connid: 0"
"12:26:48,8103279","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,8110906","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:48,8121337","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:48,8131768","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:48,8140995","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:48,8240173","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,8258633","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe","SUCCESS","CreationTime: 11.02.2012 08:55:04, LastAccessTime: 10.08.2013 18:00:11, LastWriteTime: 11.02.2012 08:55:04, ChangeTime: 10.08.2013 18:00:11, FileAttributes: ANCI"
"12:26:48,8264114","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8267851","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe","SUCCESS",""
"12:26:48,8271349","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8275781","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:48,8281384","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 975986, endtime: 975986, seqnum: 0, connid: 0"
"12:26:48,8317467","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8317999","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft SQL Server","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,8323098","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8327124","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:48,8332349","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3828, startime: 975986, endtime: 975986, seqnum: 0, connid: 0"
"12:26:48,8335722","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Microsoft SQL Server\90","SUCCESS","Filter: 90, 1: 90"
"12:26:48,8343759","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.257.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8350580","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.257.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8355800","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.257.899, Length: 1.460"
"12:26:48,8364724","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft SQL Server","SUCCESS",""
"12:26:48,8366604","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.259.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8384947","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8391758","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8395770","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8401391","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975986, endtime: 975986, seqnum: 0, connid: 0"
"12:26:48,8422500","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft SQL Server\90","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,8440969","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Microsoft SQL Server\90\Shared","SUCCESS","Filter: Shared, 1: Shared"
"12:26:48,8444313","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8449911","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8453387","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.259.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8453550","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8454203","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft SQL Server\90","SUCCESS",""
"12:26:48,8457534","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:48,8461000","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.259.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8462372","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975986, endtime: 975986, seqnum: 0, connid: 0"
"12:26:48,8466248","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.259.359, Length: 2.920"
"12:26:48,8474267","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.262.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8531624","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.262.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8538850","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.262.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8542055","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,8544075","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.262.279, Length: 5.840"
"12:26:48,8552504","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.268.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8598226","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:26:48,8601146","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.268.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8608256","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:26:48,8608783","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.268.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8614801","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.268.119, Length: 1.460"
"12:26:48,8622400","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.269.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8635905","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,8652382","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:48,8666437","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:48,8668033","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.269.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8675226","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.269.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8680474","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.269.579, Length: 2.920"
"12:26:48,8689291","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.272.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8707051","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:48,8712565","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,8717081","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,8725132","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:48,8729387","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:48,8735997","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.272.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8740784","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:48,8745225","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.272.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8747972","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:48,8752427","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.272.499, Length: 1.460"
"12:26:48,8753496","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:48,8755595","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:48,8765522","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.273.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8802035","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,8817667","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:26:48,8832922","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:48,8853597","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.273.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8860847","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.273.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8866057","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.273.959, Length: 1.460"
"12:26:48,8874091","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.275.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8925989","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.275.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8934852","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.275.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8940460","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.275.419, Length: 4.380"
"12:26:48,8949290","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.279.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,8994993","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,9006656","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.279.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9013047","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe","SUCCESS","CreationTime: 03.08.2013 09:35:07, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 03.08.2013 09:35:07, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:26:48,9013457","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.279.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9018272","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.279.799, Length: 7.300"
"12:26:48,9021882","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe","SUCCESS",""
"12:26:48,9027485","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.287.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9076454","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,9082691","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.287.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9093229","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.287.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9094484","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:26:48,9104355","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.287.099, Length: 1.460"
"12:26:48,9108549","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:26:48,9113200","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.288.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9255692","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:48,9256588","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,9268465","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,9276479","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:48,9285693","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:48,9292116","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:48,9298559","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:48,9322388","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS","CreationTime: 14.09.2012 15:09:22, LastAccessTime: 18.11.2012 10:45:57, LastWriteTime: 14.09.2012 15:09:22, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:26:48,9337861","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS",""
"12:26:48,9397620","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,9415674","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Synaptics\SynTP","SUCCESS","Filter: SynTP, 1: SynTP"
"12:26:48,9436340","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics","SUCCESS",""
"12:26:48,9499704","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics\SynTP","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,9516592","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS","Filter: SynTPEnh.exe, 1: SynTPEnh.exe"
"12:26:48,9539040","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics\SynTP","SUCCESS",""
"12:26:48,9608809","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.288.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9616460","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.288.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9622445","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.288.559, Length: 3.472"
"12:26:48,9631281","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.292.031, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9670625","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,9684807","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.292.031, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9690703","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe","SUCCESS","CreationTime: 19.08.2009 16:31:40, LastAccessTime: 11.05.2013 13:45:36, LastWriteTime: 19.08.2009 16:31:40, ChangeTime: 15.05.2013 16:19:50, FileAttributes: ANCI"
"12:26:48,9693208","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.292.031, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9698713","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe","SUCCESS",""
"12:26:48,9699632","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.292.031, Length: 3.828"
"12:26:48,9709247","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.295.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9750075","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.295.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9756909","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.295.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9762493","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.295.859, Length: 4.380"
"12:26:48,9770512","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.300.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9797107","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,9802271","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:48,9813981","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:48,9825615","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:48,9828106","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.300.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9836163","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.300.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9837642","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:48,9841383","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.300.239, Length: 2.920"
"12:26:48,9842479","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS","CreationTime: 22.07.2013 21:33:32, LastAccessTime: 22.07.2013 21:33:32, LastWriteTime: 16.05.2013 03:14:56, ChangeTime: 22.07.2013 21:33:32, FileAttributes: N"
"12:26:48,9844457","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:48,9852103","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:48,9852905","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS",""
"12:26:48,9855014","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.303.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9904626","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:48,9912375","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.303.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9918785","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.303.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9922316","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT","SUCCESS","Filter: IDT, 1: IDT"
"12:26:48,9926304","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.303.159, Length: 2.920"
"12:26:48,9937151","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.306.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:48,9941545","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:26:48,9994129","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,0011366","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM","SUCCESS","Filter: WDM, 1: WDM"
"12:26:49,0024223","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT","SUCCESS",""
"12:26:49,0084411","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,0104330","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS","Filter: sttray64.exe, 1: sttray64.exe"
"12:26:49,0121558","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM","SUCCESS",""
"12:26:49,0244322","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,0262796","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:49:08, ChangeTime: 05.08.2013 09:19:04, FileAttributes: ANCI"
"12:26:49,0272032","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS",""
"12:26:49,0361064","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\igfxpers.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,0385009","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.695.744, Length: 8.192"
"12:26:49,0400394","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\igfxpers.exe","SUCCESS","CreationTime: 09.08.2011 09:03:00, LastAccessTime: 11.05.2013 13:23:49, LastWriteTime: 09.08.2011 09:03:00, ChangeTime: 22.09.2013 09:54:27, FileAttributes: A"
"12:26:49,0409636","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\igfxpers.exe","SUCCESS",""
"12:26:49,0434915","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,0452171","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:49,0466199","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:49,0473154","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.982.016, Length: 8.192"
"12:26:49,0493993","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.982.016, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:49,0511137","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,0527590","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:26:49,0550313","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:49,0550859","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.400.960, Length: 8.192"
"12:26:49,0604087","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,0619747","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\igfxpers.exe","SUCCESS","Filter: igfxpers.exe, 1: igfxpers.exe"
"12:26:49,0627482","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:49,0635921","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:49,0637166","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:49,0643506","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:49,0651544","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:49,0657571","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:49,0664783","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:49,0743822","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,0794400","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","CreationTime: 21.11.2010 05:24:15, LastAccessTime: 21.11.2010 05:24:15, LastWriteTime: 21.11.2010 05:24:15, ChangeTime: 11.05.2013 14:09:02, FileAttributes: A"
"12:26:49,0802825","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS",""
"12:26:49,0824877","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,0844148","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:49,0857373","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:49,0900291","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,0914734","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:49,0925603","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:49,0972538","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,0987373","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem","SUCCESS","Filter: wbem, 1: wbem"
"12:26:49,1000192","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:49,1063762","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,1091435","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem\wmiprvse.exe","SUCCESS","Filter: wmiprvse.exe, 1: WmiPrvSE.exe"
"12:26:49,1114727","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem","SUCCESS",""
"12:26:49,1214614","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,1288358","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:26:49,1298808","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:26:49,1309635","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.387.456, Length: 8.192"
"12:26:49,1326481","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,1346713","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.432.576, Length: 8.192"
"12:26:49,1356103","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:49,1371769","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:49,1421516","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,1439159","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:49,1452011","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:49,1459083","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:49,1468703","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:49,1475126","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:49,1483131","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:49,1488370","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:49,1494766","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:49,1497350","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,1511775","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:26:49,1524197","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:49,1674919","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,1738717","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS","CreationTime: 16.09.2011 14:39:24, LastAccessTime: 11.05.2013 13:36:02, LastWriteTime: 16.09.2011 14:39:24, ChangeTime: 11.05.2013 13:36:02, FileAttributes: A"
"12:26:49,1746732","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS",""
"12:26:49,1805315","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,1819748","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS","Filter: nusb3mon.exe, 1: nusb3mon.exe"
"12:26:49,1832582","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application","SUCCESS",""
"12:26:49,1914028","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,1924212","csrss.exe","720","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\SideBySide\PublisherPolicyChangeTime","SUCCESS","Type: REG_QWORD, Length: 8, Data: "
"12:26:49,1951357","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS","CreationTime: 03.08.2013 09:35:27, LastAccessTime: 03.08.2013 09:36:30, LastWriteTime: 03.08.2013 09:35:27, ChangeTime: 03.08.2013 09:36:30, FileAttributes: A"
"12:26:49,1958178","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS",""
"12:26:49,2000298","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,2014330","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:26:49,2025176","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:26:49,2084147","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,2097787","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS","Filter: ALMon.exe, 1: ALMon.exe"
"12:26:49,2107821","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS",""
"12:26:49,2129439","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:49,2139049","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:49,2146700","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:49,2155507","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:49,2161954","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:49,2169553","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:49,2229760","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,2288362","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS","CreationTime: 05.11.2012 16:14:34, LastAccessTime: 11.05.2013 13:47:14, LastWriteTime: 05.11.2012 16:14:34, ChangeTime: 11.05.2013 13:47:14, FileAttributes: A"
"12:26:49,2296777","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS",""
"12:26:49,2346124","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Hewlett-Packard","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,2362960","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Hewlett-Packard\Shared","SUCCESS","Filter: Shared, 1: Shared"
"12:26:49,2375019","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Hewlett-Packard","SUCCESS",""
"12:26:49,2419136","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Hewlett-Packard\Shared","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,2434395","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS","Filter: hpqWmiEx.exe, 1: hpqWmiEx.exe"
"12:26:49,2446827","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Hewlett-Packard\Shared","SUCCESS",""
"12:26:49,2523855","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,2561147","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","CreationTime: 21.11.2010 05:24:15, LastAccessTime: 21.11.2010 05:24:15, LastWriteTime: 21.11.2010 05:24:15, ChangeTime: 11.05.2013 14:09:02, FileAttributes: A"
"12:26:49,2569591","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS",""
"12:26:49,2589655","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,2607690","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:49,2620122","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:49,2664659","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,2680324","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:49,2699432","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:49,2756009","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,2771147","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:49,2772085","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem","SUCCESS","Filter: wbem, 1: wbem"
"12:26:49,2780346","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:49,2786514","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:49,2786798","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:49,2794416","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:49,2806046","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:49,2814060","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:49,2833033","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,2847513","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem\wmiprvse.exe","SUCCESS","Filter: wmiprvse.exe, 1: WmiPrvSE.exe"
"12:26:49,2858742","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem","SUCCESS",""
"12:26:49,2938980","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics\SynTP\SynTPHelper.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,2954622","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Synaptics\SynTP\SynTPHelper.exe","SUCCESS","CreationTime: 14.09.2012 15:09:22, LastAccessTime: 18.11.2012 10:45:57, LastWriteTime: 14.09.2012 15:09:22, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:26:49,2961050","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics\SynTP\SynTPHelper.exe","SUCCESS",""
"12:26:49,3001561","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,3015206","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Synaptics\SYNTP","SUCCESS","Filter: SYNTP, 1: SynTP"
"12:26:49,3025226","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics","SUCCESS",""
"12:26:49,3164061","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,3180086","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe","SUCCESS","CreationTime: 23.04.2013 18:59:50, LastAccessTime: 22.07.2013 21:33:15, LastWriteTime: 23.04.2013 18:59:50, ChangeTime: 22.07.2013 21:33:15, FileAttributes: ANCI"
"12:26:49,3186514","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe","SUCCESS",""
"12:26:49,3225835","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,3258308","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:26:49,3271548","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:26:49,3367343","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:49,3377770","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:49,3385779","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:49,3399345","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:49,3405788","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:49,3412608","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:49,3443574","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,3462803","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe","SUCCESS","CreationTime: 23.04.2013 18:59:48, LastAccessTime: 22.07.2013 21:33:16, LastWriteTime: 23.04.2013 18:59:48, ChangeTime: 22.07.2013 21:33:16, FileAttributes: ANCI"
"12:26:49,3472436","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe","SUCCESS",""
"12:26:49,3519404","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,3539864","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:26:49,3551895","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:26:49,3696725","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,3778045","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS","CreationTime: 11.05.2013 13:36:13, LastAccessTime: 11.05.2013 13:36:13, LastWriteTime: 24.07.2012 20:00:08, ChangeTime: 11.05.2013 13:36:13, FileAttributes: ANCI"
"12:26:49,3786871","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS",""
"12:26:49,3833004","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,3847852","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Realtek","SUCCESS","Filter: Realtek, 1: Realtek"
"12:26:49,3859090","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:26:49,3897716","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.875.968, Length: 8.192"
"12:26:49,3917244","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,3928216","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:49,3933133","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS","Filter: RIconMan.exe, 1: RIconMan.exe"
"12:26:49,3939044","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:49,3946671","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:49,3947972","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader","SUCCESS",""
"12:26:49,3959901","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,3960325","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:49,3967953","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:49,3975944","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:49,3976368","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:49,3984392","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:49,4034541","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:49,4143790","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4156624","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4161858","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:47, FileAttributes: ANCI"
"12:26:49,4168688","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:49,4173912","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe","SUCCESS","CreationTime: 11.05.2013 13:23:00, LastAccessTime: 11.05.2013 13:23:00, LastWriteTime: 12.03.2013 13:20:32, ChangeTime: 11.05.2013 09:36:10, FileAttributes: A"
"12:26:49,4182706","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe","SUCCESS",""
"12:26:49,4189932","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4203591","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:49,4215608","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:49,4227677","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4244503","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:26:49,4257738","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:26:49,4272335","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4286773","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:49,4297194","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:49,4321522","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4336096","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4337999","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL","SUCCESS","Filter: DAL, 1: DAL"
"12:26:49,4348570","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:49,4350002","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS",""
"12:26:49,4357387","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:49,4394306","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4406705","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:49,4414757","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:49,4473998","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4486976","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4499408","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:47, FileAttributes: ANCI"
"12:26:49,4504236","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:49,4537232","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS","CreationTime: 11.05.2013 13:22:45, LastAccessTime: 11.05.2013 13:22:45, LastWriteTime: 12.03.2013 13:20:34, ChangeTime: 11.05.2013 09:36:10, FileAttributes: A"
"12:26:49,4543404","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:49,4551022","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS",""
"12:26:49,4553835","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:49,4562255","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:49,4571506","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:49,4572826","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4583555","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:49,4585267","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:47, LastWriteTime: 06.10.2013 12:26:47, ChangeTime: 06.10.2013 12:26:47, FileAttributes: DNCI"
"12:26:49,4590077","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:49,4592764","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:49,4596776","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4611219","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:26:49,4623656","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:26:49,4657612","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:49,4667115","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4674863","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:49,4680765","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:49,4682099","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:49,4685943","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:49,4686614","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4691312","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:49,4700138","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:49,4704048","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS","SUCCESS","Filter: LMS, 1: LMS"
"12:26:49,4722899","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS",""
"12:26:49,4745753","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4756972","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:49,4761768","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:49,4774900","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4790149","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS","Filter: LMS.exe, 1: LMS.exe"
"12:26:49,4801784","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS","SUCCESS",""
"12:26:49,4817953","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4834416","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:49,4839230","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:49,4900593","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4904498","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Internet Explorer\ielowutil.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4911043","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:49,4915461","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:49,4922118","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Internet Explorer\ielowutil.exe","SUCCESS","CreationTime: 11.05.2013 15:01:08, LastAccessTime: 11.05.2013 15:01:08, LastWriteTime: 11.05.2013 15:01:08, ChangeTime: 11.05.2013 15:05:08, FileAttributes: A"
"12:26:49,4930976","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Internet Explorer\ielowutil.exe","SUCCESS",""
"12:26:49,4982063","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,4992890","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:49,4997308","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:49,5048922","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5057487","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5069098","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:49,5071332","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe","SUCCESS","CreationTime: 13.05.2013 16:08:26, LastAccessTime: 15.09.2013 13:17:55, LastWriteTime: 22.07.2013 00:25:30, ChangeTime: 15.09.2013 13:17:55, FileAttributes: ANCI"
"12:26:49,5073516","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:49,5080163","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe","SUCCESS",""
"12:26:49,5117133","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:49,5124751","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:49,5135952","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5141573","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:49,5150829","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:49,5151300","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:49,5156455","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:49,5159729","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:49,5162468","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:49,5193504","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5225926","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5244026","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:26:49,5254056","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:26:49,5260825","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:49,5266031","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:49,5280161","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5282503","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5296946","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:49,5297785","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:49,5311020","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:49,5316609","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5345896","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:49,5359317","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:49,5372243","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5389112","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:49,5401554","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:49,5407889","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5425126","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:49,5436770","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:49,5443665","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5458089","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:26:49,5460547","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:26:49,5468571","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:47, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5b00000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:26:49,5469733","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:49,5476977","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:49,5511111","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5552667","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:49,5562692","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:49,5588503","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5615649","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:49,5641451","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS","CreationTime: 20.06.2012 18:14:18, LastAccessTime: 11.05.2013 14:43:43, LastWriteTime: 20.06.2012 18:14:18, ChangeTime: 11.05.2013 14:43:53, FileAttributes: A"
"12:26:49,5651892","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS",""
"12:26:49,5693606","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5707242","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Winamp","SUCCESS","Filter: Winamp, 1: Winamp"
"12:26:49,5718032","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5718503","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:26:49,5733258","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:47, FileAttributes: ANCI"
"12:26:49,5738866","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:49,5761006","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Winamp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5764131","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5778206","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:49,5779059","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS","Filter: winamp.exe, 1: winamp.exe"
"12:26:49,5783738","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:49,5789038","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:49,5792317","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Winamp","SUCCESS",""
"12:26:49,5794174","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:49,5802221","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:49,5811845","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:49,5818679","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:49,5828704","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:49,5830346","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5843576","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:49,5852426","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:49,5888920","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5897023","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5900555","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:49,5908583","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:49,5945912","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,5949616","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS","CreationTime: 01.10.2013 13:42:31, LastAccessTime: 01.10.2013 13:42:43, LastWriteTime: 01.10.2013 13:42:43, ChangeTime: 05.10.2013 09:23:33, FileAttributes: A"
"12:26:49,5957943","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:49,5961624","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS",""
"12:26:49,5966336","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:49,6020226","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Mozilla Firefox","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6032532","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6045380","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:47, FileAttributes: ANCI"
"12:26:49,6050198","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:49,6055629","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS","Filter: firefox.exe, 1: firefox.exe"
"12:26:49,6072903","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Mozilla Firefox","SUCCESS",""
"12:26:49,6108786","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6119628","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:47, LastWriteTime: 06.10.2013 12:26:47, ChangeTime: 06.10.2013 12:26:47, FileAttributes: DNCI"
"12:26:49,6124419","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:49,6183016","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6193848","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:49,6198653","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:49,6223736","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6242597","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe","SUCCESS","CreationTime: 06.11.2012 09:18:34, LastAccessTime: 11.05.2013 13:42:02, LastWriteTime: 06.11.2012 09:18:34, ChangeTime: 11.05.2013 13:42:02, FileAttributes: A"
"12:26:49,6250201","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe","SUCCESS",""
"12:26:49,6256821","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6267648","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:49,6272080","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:49,6296352","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6311177","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:26:49,6322037","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:26:49,6329156","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:49,6329861","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6338757","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:49,6341066","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:49,6346011","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:49,6347102","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:49,6355205","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:49,6361639","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:49,6369252","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:49,6400680","Windows7FirewallService.exe","2128","QueryOpen","D:\Progs\Firefox 19.0.2 portable\Firefox\firefox.exe","SUCCESS","CreationTime: 03.10.2013 16:41:28, LastAccessTime: 03.10.2013 16:41:43, LastWriteTime: 03.10.2013 16:41:43, ChangeTime: 03.10.2013 16:46:19, AllocationSize: 278.528, EndOfFile: 274.840, FileAttributes: ANCI"
"12:26:49,6407272","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6413896","Windows7FirewallService.exe","2128","CreateFile","D:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6418486","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:49,6422918","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:49,6431166","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs","SUCCESS","Filter: Progs, 1: Progs"
"12:26:49,6443999","Windows7FirewallService.exe","2128","CloseFile","D:\","SUCCESS",""
"12:26:49,6482714","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6491755","Windows7FirewallService.exe","2128","CreateFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6493532","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:49,6497954","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:49,6507368","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS","Filter: Firefox, 1: Firefox"
"12:26:49,6518630","Windows7FirewallService.exe","2128","CloseFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS",""
"12:26:49,6556500","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6557522","Windows7FirewallService.exe","2128","CreateFile","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6566950","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:49,6572576","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:49,6574778","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs\Firefox 19.0.2 portable\Firefox\firefox.exe","SUCCESS","Filter: firefox.exe, 1: firefox.exe"
"12:26:49,6587620","Windows7FirewallService.exe","2128","CloseFile","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS",""
"12:26:49,6632759","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6643586","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:49,6648410","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:49,6708173","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6718991","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:49,6723428","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:49,6749034","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6749594","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6765245","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:49,6788934","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6807813","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:49,6810439","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS","CreationTime: 18.07.2012 20:47:26, LastAccessTime: 06.10.2013 10:27:28, LastWriteTime: 18.07.2012 20:47:26, ChangeTime: 06.10.2013 10:27:28, FileAttributes: A"
"12:26:49,6814633","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:49,6820856","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS",""
"12:26:49,6845730","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:49,6854556","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:49,6860971","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:49,6865253","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6868206","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:49,6873809","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:49,6879813","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:49,6883307","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:49,6889091","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6895114","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:49,6907145","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Nuance","SUCCESS","Filter: Nuance, 1: Nuance"
"12:26:49,6919050","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win("
"12:26:49,6920389","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files","SUCCESS",""
"12:26:49,6931090","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:47, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5b00000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:26:49,6940313","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:49,6975375","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Nuance","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,6990215","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS","Filter: dgnsvc.exe, 1: dgnsvc.exe"
"12:26:49,6993270","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:26:49,7000655","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Nuance","SUCCESS",""
"12:26:49,7087708","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\taskhost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7097220","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7112853","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:47, FileAttributes: ANCI"
"12:26:49,7118507","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:49,7129553","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\taskhost.exe","SUCCESS","CreationTime: 11.05.2013 14:09:45, LastAccessTime: 11.05.2013 14:09:45, LastWriteTime: 23.11.2012 05:13:57, ChangeTime: 11.05.2013 14:55:03, FileAttributes: A"
"12:26:49,7139462","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7145065","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\taskhost.exe","SUCCESS",""
"12:26:49,7153093","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:49,7164308","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:49,7176385","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7195647","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:49,7207235","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7210095","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:49,7219303","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:49,7230523","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:49,7259021","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7269042","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7273879","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:49,7281469","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:49,7285108","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:49,7289903","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:49,7327629","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7329248","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7342874","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:49,7346075","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\taskhost.exe","SUCCESS","Filter: taskhost.exe, 1: taskhost.exe"
"12:26:49,7352904","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:49,7358134","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:49,7410965","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.900.544, Length: 8.192"
"12:26:49,7419880","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7426224","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.715.136, Length: 8.192"
"12:26:49,7438764","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7439972","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:47, FileAttributes: ANCI"
"12:26:49,7443979","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.715.136, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:49,7447170","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:49,7476060","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS","CreationTime: 16.12.2012 13:25:38, LastAccessTime: 13.05.2013 10:47:49, LastWriteTime: 16.12.2012 13:25:38, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:26:49,7484513","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS",""
"12:26:49,7505744","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.179.648, Length: 8.192"
"12:26:49,7517387","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7528229","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7530949","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.309.568, Length: 8.192"
"12:26:49,7533836","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:47, LastWriteTime: 06.10.2013 12:26:47, ChangeTime: 06.10.2013 12:26:47, FileAttributes: DNCI"
"12:26:49,7540661","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:49,7543455","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS","Filter: SbieCtrl.exe, 1: SbieCtrl.exe"
"12:26:49,7555109","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie","SUCCESS",""
"12:26:49,7600826","Windows7FirewallService.exe","2128","QueryOpen","D:\Progs\Firefox 19.0.2 portable\Firefox\plugin-container.exe","SUCCESS","CreationTime: 03.10.2013 16:41:29, LastAccessTime: 03.10.2013 16:41:42, LastWriteTime: 03.10.2013 16:41:42, ChangeTime: 03.10.2013 16:41:42, AllocationSize: 20.480, EndOfFile: 17.816, FileAttributes: ANCI"
"12:26:49,7608458","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7614079","Windows7FirewallService.exe","2128","CreateFile","D:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7621711","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:49,7628946","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs","SUCCESS","Filter: Progs, 1: Progs"
"12:26:49,7631321","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:49,7641374","Windows7FirewallService.exe","2128","CloseFile","D:\","SUCCESS",""
"12:26:49,7683900","Windows7FirewallService.exe","2128","CreateFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7698744","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS","Filter: Firefox, 1: Firefox"
"12:26:49,7701132","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7711559","Windows7FirewallService.exe","2128","CloseFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS",""
"12:26:49,7713985","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:49,7720021","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:49,7793294","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.690.560, Length: 8.192"
"12:26:49,7804537","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.690.560, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:49,7814982","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7832228","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:49,7839039","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:49,7858823","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7873663","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","CreationTime: 10.09.2013 18:54:10, LastAccessTime: 10.09.2013 18:54:10, LastWriteTime: 10.09.2013 18:54:10, ChangeTime: 10.09.2013 18:54:10, FileAttributes: A"
"12:26:49,7880082","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS",""
"12:26:49,7898952","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7912168","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:49,7913255","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7922216","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:49,7926918","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:49,7934121","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:49,7963147","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,7977170","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:49,7981970","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.867.776, Length: 8.192"
"12:26:49,7987596","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:49,8004740","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8016776","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:49,8021217","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:49,8027333","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8042149","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed","SUCCESS","Filter: Macromed, 1: Macromed"
"12:26:49,8054609","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:49,8059409","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8068217","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975996, endtime: 975996, seqnum: 0, connid: 0"
"12:26:49,8101529","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8103843","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8116793","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed\Flash","SUCCESS","Filter: Flash, 1: Flash"
"12:26:49,8120674","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:49,8125596","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8126300","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:49,8128843","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed","SUCCESS",""
"12:26:49,8132808","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8137650","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8142064","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8146449","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8154071","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8158904","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975996, endtime: 975996, seqnum: 0, connid: 0"
"12:26:49,8170539","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.933.312, Length: 8.192"
"12:26:49,8189306","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 901.120, Length: 8.192"
"12:26:49,8198939","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 901.120, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:49,8204257","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8213867","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8219876","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8223528","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:49,8224303","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8228716","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8232732","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8239585","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:49,8241927","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8247166","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975996, endtime: 975996, seqnum: 0, connid: 0"
"12:26:49,8250385","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8265252","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","CreationTime: 10.09.2013 18:54:10, LastAccessTime: 10.09.2013 18:54:10, LastWriteTime: 10.09.2013 18:54:10, ChangeTime: 10.09.2013 18:54:10, FileAttributes: A"
"12:26:49,8272861","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS",""
"12:26:49,8294917","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8308324","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.835.008, Length: 8.192"
"12:26:49,8318083","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:49,8319422","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8327968","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.842.752, Length: 8.192"
"12:26:49,8335083","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:49,8336132","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:49,8340816","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.842.752, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:49,8342672","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:49,8367556","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8381205","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:49,8391888","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8404069","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8407544","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:49,8419169","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:49,8459965","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8465320","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8468380","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975996, endtime: 975996, seqnum: 0, connid: 0"
"12:26:49,8480943","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed","SUCCESS","Filter: Macromed, 1: Macromed"
"12:26:49,8490296","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:49,8494994","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:49,8497924","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:49,8540991","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8543524","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8547027","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8551422","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8555061","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8556549","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8559049","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8560794","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed\Flash","SUCCESS","Filter: Flash, 1: Flash"
"12:26:49,8565888","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8571481","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975996, endtime: 975996, seqnum: 0, connid: 0"
"12:26:49,8573007","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:47, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:49,8574430","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed","SUCCESS",""
"12:26:49,8590239","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:49,8599070","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:49,8616270","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8620865","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:49,8623058","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8627097","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8630069","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:26:49,8631511","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8637099","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 975996, endtime: 975996, seqnum: 0, connid: 0"
"12:26:49,8642506","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:49,8656146","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:49,8665402","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:49,8673029","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:49,8682247","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:49,8688675","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:49,8696667","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:49,8725184","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8756393","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS","CreationTime: 27.09.2013 20:28:05, LastAccessTime: 27.09.2013 20:28:05, LastWriteTime: 31.05.2013 15:54:54, ChangeTime: 27.09.2013 20:28:05, FileAttributes: A"
"12:26:49,8765625","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS",""
"12:26:49,8795737","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8813380","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:49,8832521","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:49,8886826","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8888538","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8895344","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8898946","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8901777","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8903676","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\Desktop","SUCCESS","Filter: Desktop, 1: Desktop"
"12:26:49,8904973","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8909810","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 975997, endtime: 975997, seqnum: 0, connid: 0"
"12:26:49,8916132","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:49,8958326","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8963173","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8964741","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\Desktop","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,8965986","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8968781","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8971594","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,8976380","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 975997, endtime: 975997, seqnum: 0, connid: 0"
"12:26:49,8981176","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS","Filter: Procmon.exe, 1: Procmon.exe"
"12:26:49,8994023","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\Desktop","SUCCESS",""
"12:26:49,8998884","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9004897","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975997, endtime: 975997, seqnum: 0, connid: 0"
"12:26:49,9116456","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\taskmgr.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9160969","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\taskmgr.exe","SUCCESS","CreationTime: 21.11.2010 05:24:24, LastAccessTime: 21.11.2010 05:24:24, LastWriteTime: 21.11.2010 05:24:24, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:26:49,9168601","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\taskmgr.exe","SUCCESS",""
"12:26:49,9189855","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9203915","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:49,9215149","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:49,9257246","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9262083","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9264864","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975997, endtime: 975997, seqnum: 0, connid: 0"
"12:26:49,9278943","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:26:49,9282679","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:49,9296963","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:49,9315824","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9321828","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9325047","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9328256","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9331872","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9337488","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9341085","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975997, endtime: 975997, seqnum: 0, connid: 0"
"12:26:49,9357832","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9380985","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\taskmgr.exe","SUCCESS","Filter: taskmgr.exe, 1: taskmgr.exe"
"12:26:49,9384819","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9386433","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9389657","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9393263","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9395451","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:49,9396878","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9400886","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9401282","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:47, LastWriteTime: 06.10.2013 12:26:47, ChangeTime: 06.10.2013 12:26:47, FileAttributes: DNCI"
"12:26:49,9405681","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 975997, endtime: 975997, seqnum: 0, connid: 0"
"12:26:49,9408891","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:49,9430578","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9446607","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:49,9458676","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:49,9491806","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9502783","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9509855","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","CreationTime: 06.10.2013 12:25:43, LastAccessTime: 06.10.2013 12:25:43, LastWriteTime: 06.10.2013 12:25:47, ChangeTime: 06.10.2013 12:25:47, FileAttributes: HA"
"12:26:49,9516820","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:49,9519092","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS",""
"12:26:49,9528077","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:49,9545972","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9562425","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:49,9569390","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9576061","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:49,9582648","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:49,9593849","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:49,9621022","Windows7FirewallService.exe","2128","CreateFile","C:\Users","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9635600","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9637522","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\WONDER~1","SUCCESS","Filter: WONDER~1, 1: wonderwall"
"12:26:49,9648821","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:49,9650752","Windows7FirewallService.exe","2128","CloseFile","C:\Users","SUCCESS",""
"12:26:49,9656821","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9658450","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:49,9663646","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 975997, endtime: 975997, seqnum: 0, connid: 0"
"12:26:49,9693339","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:49,9696101","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9703798","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:49,9711822","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:49,9712522","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:49,9721432","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:49,9724623","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9724972","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:49,9729050","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:49,9731042","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9731737","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9734666","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9737498","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:49,9737867","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9740297","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9746310","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9751512","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 975997, endtime: 975997, seqnum: 0, connid: 0"
"12:26:49,9752202","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:47, LastWriteTime: 06.10.2013 12:26:47, ChangeTime: 06.10.2013 12:26:47, FileAttributes: DNCI"
"12:26:49,9759820","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:49,9773181","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9788813","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9793646","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9797266","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:49,9802458","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 975997, endtime: 975998, seqnum: 0, connid: 0"
"12:26:49,9806465","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\AppData\Local","SUCCESS","Filter: Local, 1: Local"
"12:26:49,9819714","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:49,9858261","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9868328","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\AppData\Local","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9871519","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:47, LastWriteTime: 06.10.2013 12:26:47, ChangeTime: 06.10.2013 12:26:47, FileAttributes: DNCI"
"12:26:49,9877537","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:49,9885201","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\AppData\Local\Temp","SUCCESS","Filter: Temp, 1: Temp"
"12:26:49,9898021","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\AppData\Local","SUCCESS",""
"12:26:49,9943308","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:49,9956571","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:49,9961782","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:49,9996349","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,0031990","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,0044809","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:50,0046069","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:26:50,0052437","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:50,0057704","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:26:50,0082204","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,0098620","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:50,0111085","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:26:50,0117430","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,0129857","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:50,0134690","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:50,0158416","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,0174482","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:26:50,0187321","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:26:50,0195662","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,0206881","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:50,0211322","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:50,0236644","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,0252719","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:26:50,0266336","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:50,0270684","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,0281544","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:50,0286335","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:50,0299859","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,0308284","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,0314712","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,0322321","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,0329151","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,0337949","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,0358027","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,0372064","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:50,0378469","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:50,0389455","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,0401061","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,0409897","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,0419945","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,0428762","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,0440383","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:26:50,0451220","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046}"
"12:26:50,0459271","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS",""
"12:26:50,0461609","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,0476051","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:50,0482484","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:50,0554610","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","Offset: 842.752, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:50,0555897","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,0567952","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:50,0572752","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:50,0590031","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,0594944","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","Offset: 826.368, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:50,0603271","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,0612171","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","Offset: 723.968, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:50,0622098","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,0629437","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","Offset: 703.488, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:50,0640143","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:50,0646473","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","Offset: 859.136, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:50,0646972","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,0664513","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","Offset: 748.544, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:50,0678573","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,0687091","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,0693814","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:50,0703158","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:26:50,0704249","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,0709978","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:26:50,0712646","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,0721901","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,0733219","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:26:50,0737231","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:50,0750083","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:26:50,0750862","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:26:50,0760098","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Query: Name"
"12:26:50,0762515","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:26:50,0767311","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,0770529","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:50,0777732","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,0784972","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046}"
"12:26:50,0791783","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS",""
"12:26:50,0795403","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,0812673","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:50,0821098","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:50,0830213","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,0831118","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,0838634","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,0841932","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:50,0846676","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,0851197","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,0857079","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,0860023","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,0864296","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,0868019","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,0872352","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,0874358","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:50,0876453","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,0901331","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:50,0908557","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,0916884","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:50,0917370","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Wow6432Node\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,0928220","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Wow6432Node\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,0942649","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:26:50,0953486","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,0962308","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:50,0968717","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,0975519","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,0983967","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,0993181","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:50,1001610","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:26:50,1007642","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: Name"
"12:26:50,1009247","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,1015241","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1021707","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:50,1028896","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:50,1032973","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,1044230","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {8564B5BD-BFC4-45C5-A755-25BA407305E7}"
"12:26:50,1049352","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,1053438","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: Name"
"12:26:50,1061481","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1063011","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:50,1071515","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,1073838","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,1078741","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\Version","SUCCESS","Type: REG_SZ, Length: 8, Data: 1.0"
"12:26:50,1086765","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS",""
"12:26:50,1096370","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,1104389","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:50,1111639","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1112348","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,1117256","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1123670","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,1124799","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:50,1133569","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:50,1136027","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:50,1149719","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:26:50,1159777","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: Name"
"12:26:50,1168575","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1175349","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,1179015","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,1187464","Windows7FirewallControl.exe","3436","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Index: 0, Name: 1.0"
"12:26:50,1188182","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:50,1196290","Windows7FirewallControl.exe","3436","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NO MORE ENTRIES","Index: 1, Length: 288"
"12:26:50,1197419","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:50,1203497","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: Name"
"12:26:50,1209515","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1217534","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,1223958","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1240342","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,1246369","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:50,1260387","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: Name"
"12:26:50,1261903","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:50,1274046","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1275907","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:50,1286478","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,1297306","Windows7FirewallControl.exe","3436","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Index: 0, Name: 0"
"12:26:50,1307340","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: Name"
"12:26:50,1314972","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1324596","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,1334607","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1341432","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:50,1349484","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: Name"
"12:26:50,1355502","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1360862","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,1363530","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,1370336","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1375305","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:50,1376354","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:50,1382545","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:50,1383576","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Query: Name"
"12:26:50,1389990","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1398429","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,1405231","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","BUFFER OVERFLOW","Length: 144"
"12:26:50,1410852","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","SUCCESS","Type: REG_SZ, Length: 138, Data: C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe"
"12:26:50,1417733","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,1424954","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1431793","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,1440591","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,1446642","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,1452641","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,1468647","Windows7FirewallControl.exe","3436","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,1475583","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,1487885","Windows7FirewallControl.exe","3436","QueryNetworkOpenInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:46:52, ChangeTime: 05.08.2013 09:19:04, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:50,1488454","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:50,1494458","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:50,1498311","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 0, Length: 64, Priority: Normal"
"12:26:50,1511173","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 232, Length: 4"
"12:26:50,1519579","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 236, Length: 20"
"12:26:50,1527608","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 496, Length: 40"
"12:26:50,1538020","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 536, Length: 40"
"12:26:50,1553153","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 576, Length: 40"
"12:26:50,1566392","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 616, Length: 40"
"12:26:50,1574430","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 656, Length: 40"
"12:26:50,1581666","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.864, Length: 16"
"12:26:50,1582160","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,1589265","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.880, Length: 8"
"12:26:50,1595297","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.768, Length: 2"
"12:26:50,1595399","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:50,1601828","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:50,1603708","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.888, Length: 8"
"12:26:50,1610127","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.786, Length: 2"
"12:26:50,1615365","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.788, Length: 14"
"12:26:50,1622186","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.960, Length: 16"
"12:26:50,1634604","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.976, Length: 8"
"12:26:50,1643425","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.192, Length: 16"
"12:26:50,1651440","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.208, Length: 8"
"12:26:50,1658685","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.544, Length: 16"
"12:26:50,1667511","Windows7FirewallControl.exe","3436","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,1678735","Windows7FirewallControl.exe","3436","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
"12:26:50,1681529","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,1686371","Windows7FirewallControl.exe","3436","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,1695174","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:50,1700418","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:50,1708745","Windows7FirewallControl.exe","3436","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","SyncType: SyncTypeOther"
"12:26:50,1742016","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS",""
"12:26:50,1749242","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS",""
"12:26:50,1754872","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS",""
"12:26:50,1760083","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS",""
"12:26:50,1769828","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,1774540","Windows7FirewallControl.exe","3436","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS",""
"12:26:50,1782256","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:50,1787882","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:50,1818111","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,1827352","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1840820","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,1850864","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1857661","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,1865699","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1867859","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,1874921","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Wow6432Node\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,1881504","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:50,1883342","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:26:50,1886738","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:50,1892191","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,1899016","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1905402","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,1912615","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1919477","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,1928294","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:26:50,1935487","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {8564B5BD-BFC4-45C5-A755-25BA407305E7}"
"12:26:50,1941528","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\Version","SUCCESS","Type: REG_SZ, Length: 8, Data: 1.0"
"12:26:50,1947947","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS",""
"12:26:50,1952920","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,1956354","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:26:50,1961994","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1965362","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:50,1968399","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,1970568","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:50,1975233","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,1980854","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,1987660","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:26:50,1989069","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,1993678","Windows7FirewallService.exe","2128","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Index: 0, Name: 1.0"
"12:26:50,1997490","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,2000079","Windows7FirewallService.exe","2128","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NO MORE ENTRIES","Index: 1, Length: 288"
"12:26:50,2003895","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,2005723","Windows7FirewallService.exe","2128","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,2011741","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,2011928","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,2017941","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,2018552","Windows7FirewallService.exe","2128","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Index: 0, Name: 0"
"12:26:50,2023982","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,2025368","Windows7FirewallService.exe","2128","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,2031157","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,2032976","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,2040216","Windows7FirewallService.exe","2128","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,2042404","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:50,2047447","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,2047984","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:50,2055858","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","BUFFER OVERFLOW","Length: 144"
"12:26:50,2062688","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","SUCCESS","Type: REG_SZ, Length: 138, Data: C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe"
"12:26:50,2109240","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,2112202","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,2123832","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:50,2127699","Windows7FirewallService.exe","2128","QueryNetworkOpenInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:46:52, ChangeTime: 05.08.2013 09:19:04, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:50,2129840","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:50,2139730","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 0, Length: 64, Priority: Normal"
"12:26:50,2150530","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 232, Length: 4"
"12:26:50,2158157","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 236, Length: 20"
"12:26:50,2162248","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,2165392","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 496, Length: 40"
"12:26:50,2173024","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 536, Length: 40"
"12:26:50,2178725","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,2180637","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 576, Length: 40"
"12:26:50,2187868","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 616, Length: 40"
"12:26:50,2195099","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 656, Length: 40"
"12:26:50,2201574","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,2205045","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.864, Length: 16"
"12:26:50,2217892","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.880, Length: 8"
"12:26:50,2220047","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:50,2227138","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.768, Length: 2"
"12:26:50,2227661","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,2235143","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.888, Length: 8"
"12:26:50,2241590","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.786, Length: 2"
"12:26:50,2248793","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.788, Length: 14"
"12:26:50,2256010","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.960, Length: 16"
"12:26:50,2261641","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.976, Length: 8"
"12:26:50,2267649","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.192, Length: 16"
"12:26:50,2273658","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.208, Length: 8"
"12:26:50,2273784","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,2279307","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.544, Length: 16"
"12:26:50,2286104","Windows7FirewallService.exe","2128","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,2289033","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:26:50,2294524","Windows7FirewallService.exe","2128","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
"12:26:50,2295858","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:26:50,2300155","Windows7FirewallService.exe","2128","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,2312186","Windows7FirewallService.exe","2128","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","SyncType: SyncTypeOther"
"12:26:50,2314640","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:26:50,2325859","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:50,2338678","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS",""
"12:26:50,2344696","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS",""
"12:26:50,2349902","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS",""
"12:26:50,2354726","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS",""
"12:26:50,2368357","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS",""
"12:26:50,2374016","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:26:50,2535490","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,2547110","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,2555130","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,2564338","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,2570767","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,2574219","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:26:50,2577997","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,2585863","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:26:50,2596303","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:26:50,2599494","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:50,2606697","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:26:50,2613955","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:26:50,2620337","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:50,2629200","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:26:50,2637192","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:26:50,2645225","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:26:50,2653239","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:26:50,2660470","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:26:50,2668074","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,2668121","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:26:50,2673336","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:50,2680128","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:50,2680926","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:47, LastWriteTime: 06.10.2013 12:26:47, ChangeTime: 06.10.2013 12:26:47, FileAttributes: DNCI"
"12:26:50,2687368","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:50,2688544","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:26:50,2694991","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:50,2701004","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,2706210","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,2706607","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:50,2712648","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:26:50,2719053","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:26:50,2719440","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:50,2724688","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:26:50,2732292","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,2734690","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:26:50,2741515","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:26:50,2748340","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:26:50,2754339","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:50,2761588","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:50,2766804","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:26:50,2770779","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,2772029","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:50,2778420","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,2783229","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:50,2784060","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:50,2791267","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,2792074","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:50,2808108","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,2814527","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:50,2820974","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,2826992","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:50,2830183","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,2839097","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,2843011","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:50,2849095","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,2852645","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:50,2857953","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:50,2866761","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,2872793","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:50,2880812","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,2886429","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:26:50,2893169","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,2893659","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,2899262","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:50,2905592","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:50,2909296","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,2914008","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:50,2916518","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:50,2924542","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,2932160","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:50,2940179","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,2945819","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,2951809","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:50,2958657","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,2963490","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:50,2965911","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,2967931","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:26:50,2969853","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:50,2970329","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,2972325","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:50,2982229","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,2985490","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:50,2989520","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,2992697","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:50,2995534","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,2997931","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,3001104","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:50,3002177","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,3003525","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,3006319","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:50,3006972","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,3008241","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3008759","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,3010560","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,3010779","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:26:50,3014310","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,3014585","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:47, LastWriteTime: 06.10.2013 12:26:47, ChangeTime: 06.10.2013 12:26:47, FileAttributes: DNCI"
"12:26:50,3015117","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,3016615","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:50,3017594","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,3018429","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:50,3021970","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,3031594","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,3034832","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:50,3038424","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,3041628","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:26:50,3044465","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,3050203","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3056547","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:50,3058987","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:50,3061767","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,3064991","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:50,3068210","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,3070995","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:50,3073826","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,3076229","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,3082956","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:50,3087336","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,3090126","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:50,3092715","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3092953","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,3094996","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:26:50,3098168","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:50,3098677","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:50,3100543","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:50,3101144","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:50,3131654","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3137256","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:50,3140065","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:50,3165741","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3171320","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:50,3172971","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:50,3199049","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3203863","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:50,3205841","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:50,3229292","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,3232945","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,3235538","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3235800","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,3238967","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,3239956","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:50,3240996","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,3241925","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:50,3243399","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,3267251","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3271632","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:50,3273255","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:50,3298535","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3302929","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:50,3305327","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:50,3313369","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3318603","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,3332188","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3339045","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:50,3341070","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,3357635","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:26:50,3444484","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,3450674","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,3451290","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:26:50,3454658","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,3456025","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:26:50,3458698","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,3460718","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,3463097","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,3467510","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,3470710","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,3473174","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:26:50,3483562","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:50,3486347","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:50,3489585","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:26:50,3514874","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:50,3556150","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3562172","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:47, FileAttributes: ANCI"
"12:26:50,3564631","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:50,3572627","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3578225","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:50,3583081","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,3597953","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3603504","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:50,3607908","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:50,3624823","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3631196","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:50,3634853","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:50,3650448","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3655659","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:50,3658854","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:50,3677692","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.851.392, Length: 8.192"
"12:26:50,3686989","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3689751","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.712.128, Length: 8.192"
"12:26:50,3692956","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:47, FileAttributes: ANCI"
"12:26:50,3694994","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.133.504, Length: 8.192"
"12:26:50,3695363","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:50,3699431","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.133.504, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,3718706","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3723885","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: DNCI"
"12:26:50,3725536","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:50,3732603","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.317.888, Length: 8.192"
"12:26:50,3749164","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3753213","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:50,3755163","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:50,3761097","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,3765114","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,3767885","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,3771906","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,3774290","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,3776683","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,3777649","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3781703","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:50,3783639","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:50,3808144","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3813770","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:50,3815799","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:50,3841825","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3845860","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:50,3847493","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:50,3869167","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3873972","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:50,3876738","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:50,3901192","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3905236","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:50,3906860","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:50,3930950","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3936137","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:50,3938106","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:50,3965023","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3970220","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:50,3972198","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:50,3978654","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3983506","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,3991907","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,3996013","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,3998350","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:50,3999609","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,4000720","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,4002399","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,4006010","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,4008048","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,4010441","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,4017593","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4025621","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:47, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:50,4030417","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:50,4034000","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:50,4042322","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:26:50,4045900","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:26:50,4050686","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:50,4053910","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:46, LastWriteTime: 06.10.2013 12:26:46, ChangeTime: 06.10.2013 12:26:47, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:50,4089219","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:50,4129320","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4136112","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: ANCI"
"12:26:50,4138976","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:50,4148572","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4153816","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:50,4157832","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,4173082","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4177878","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:50,4181470","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:50,4195161","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4199906","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:50,4203115","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:50,4212203","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,4215813","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,4216807","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4218249","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,4221589","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:50,4221841","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,4224220","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,4224803","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:50,4227000","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,4250927","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4255704","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: ANCI"
"12:26:50,4257682","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:50,4280550","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4284594","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: DNCI"
"12:26:50,4286227","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:50,4307453","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4311511","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:50,4313830","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:50,4336698","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4341526","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:50,4343583","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:50,4366036","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4370052","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:50,4371680","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:50,4401550","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4406785","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:50,4408809","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:50,4438572","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4443885","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,4445392","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:50,4447421","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:50,4447892","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,4450673","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,4453938","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,4456700","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,4459942","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,4472650","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4477506","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:50,4480249","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:50,4506779","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4512363","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:50,4515194","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:50,4545265","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4549673","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:50,4551316","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:50,4558504","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4564140","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,4577216","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4587222","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:50,4590903","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,4610976","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4618575","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:50,4622555","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:26:50,4625344","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:26:50,4632431","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:50,4633900","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:26:50,4635649","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:50,4637590","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: ANCI"
"12:26:50,4638448","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:50,4641308","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:50,4644895","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:50,4651562","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:26:50,4673100","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,4676711","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,4679878","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,4683097","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,4685556","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,4687963","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,4743238","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:50,4770146","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4774928","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: DNCI"
"12:26:50,4776920","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:50,4782979","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4788186","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:50,4792543","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,4805861","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4811002","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:50,4814603","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:50,4829042","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4834280","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:50,4837938","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:50,4854354","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4859551","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:50,4863194","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:50,4890083","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:50,4898214","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,4901032","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,4903397","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,4905846","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,4907843","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,4909891","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,4916995","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4921786","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: DNCI"
"12:26:50,4923760","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:50,4949641","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4954059","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:50,4956112","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:50,4979712","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,4984540","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:50,4986205","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:50,5008667","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,5013398","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:50,5015413","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:50,5050414","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,5057202","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:50,5060024","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:50,5092740","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,5097913","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:50,5099915","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:50,5104995","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.589.248, Length: 8.192"
"12:26:50,5109753","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.589.248, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5122409","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,5127588","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:50,5130461","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:50,5144764","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,5149210","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,5152354","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,5154920","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,5155218","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,5158013","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,5159319","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:50,5160448","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,5161288","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:50,5184986","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,5189380","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:50,5191018","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:50,5198990","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,5203888","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,5213480","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,5219875","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:50,5221900","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:50,5230759","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: ANCI"
"12:26:50,5243956","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,5290485","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:50,5333477","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:50,5335418","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:26:50,5353737","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:50,5361355","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:50,5375402","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:26:50,5380057","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.777.664, Length: 8.192"
"12:26:50,5385632","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.313.728, Length: 8.192"
"12:26:50,5389653","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.313.728, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5410296","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 589.824, Length: 8.192"
"12:26:50,5415964","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.391.616, Length: 8.192"
"12:26:50,5419943","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.391.616, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5437283","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.965.632, Length: 8.192"
"12:26:50,5462133","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.489.344, Length: 8.192"
"12:26:50,5473768","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.260.544, Length: 8.192"
"12:26:50,5477798","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.260.544, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5502691","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.231.808, Length: 8.192"
"12:26:50,5506656","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.231.808, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5528568","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.154.048, Length: 8.192"
"12:26:50,5534119","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.154.048, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5559184","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.272.768, Length: 8.192"
"12:26:50,5563173","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.272.768, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5589614","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.227.200, Length: 8.192"
"12:26:50,5609715","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 221.184, Length: 8.192"
"12:26:50,5631440","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.826.816, Length: 8.192"
"12:26:50,5670328","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.305.536, Length: 8.192"
"12:26:50,5675119","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.305.536, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5696848","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.309.696, Length: 8.192"
"12:26:50,5701289","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.309.696, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5725953","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.297.344, Length: 8.192"
"12:26:50,5731159","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.297.344, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5761440","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.753.088, Length: 8.192"
"12:26:50,5766697","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.166.272, Length: 8.192"
"12:26:50,5777464","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.219.008, Length: 8.192"
"12:26:50,5790307","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.941.504, Length: 8.192"
"12:26:50,5794729","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.379.264, Length: 8.192"
"12:26:50,5798330","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.379.264, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5832002","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.211.392, Length: 8.192"
"12:26:50,5837176","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.211.392, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5840437","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,5844803","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:50,5848857","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:50,5852841","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:26:50,5855267","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:50,5857641","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,5859689","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:50,5862101","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:50,5863445","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.367.040, Length: 8.192"
"12:26:50,5864919","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:26:50,5868096","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:50,5869742","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.367.040, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5871268","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,5874081","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:50,5876912","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:50,5880495","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:26:50,5883364","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:50,5886522","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,5889340","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:50,5892568","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:50,5894583","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.891.904, Length: 8.192"
"12:26:50,5895792","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:26:50,5898969","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:50,5899356","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.891.904, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5919499","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.301.504, Length: 8.192"
"12:26:50,5923931","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.301.504, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5955611","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.306.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,5959231","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.306.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,5961666","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.306.079, Length: 1.460"
"12:26:50,5962860","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.207.232, Length: 8.192"
"12:26:50,5965678","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.307.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,5966858","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.207.232, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,5978031","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.307.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,5980126","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.307.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,5982117","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.307.539, Length: 5.840"
"12:26:50,5985341","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.313.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,5988457","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.129.472, Length: 8.192"
"12:26:50,5992143","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.129.472, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,6014161","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.313.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6016956","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.313.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6017697","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.744.896, Length: 8.192"
"12:26:50,6018990","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.313.379, Length: 2.920"
"12:26:50,6022199","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.316.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6039469","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes207.wohnheim.uni-kl.de:54800","SUCCESS","Length: 24, seqnum: 0, connid: 0"
"12:26:50,6061059","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.215.424, Length: 8.192"
"12:26:50,6065425","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.215.424, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,6081510","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.316.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6084379","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.316.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6086348","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.316.299, Length: 2.920"
"12:26:50,6090327","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.319.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6118807","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.319.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6122371","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.323.200, EndOfFile: 406.319.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6123849","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.248.192, Length: 8.192"
"12:26:50,6129508","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.248.192, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,6130362","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.319.219, Length: 5.840, Priority: Normal"
"12:26:50,6148355","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.252.352, Length: 8.192"
"12:26:50,6153538","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.252.352, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,6153691","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","END OF FILE","Offset: 406.323.200, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:50,6160073","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.325.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6163287","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.325.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6166082","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.325.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6168461","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.325.059, Length: 1.460"
"12:26:50,6171269","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.326.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6184616","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.326.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6190162","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.326.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6192551","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.764.288, Length: 8.192"
"12:26:50,6192989","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.326.519, Length: 2.920"
"12:26:50,6196651","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.329.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6198191","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.764.288, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,6200230","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,6205034","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,6207805","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:50,6210208","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:50,6212279","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:50,6215027","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:50,6215461","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.329.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6217882","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:50,6218306","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.329.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6220653","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.329.439, Length: 5.840"
"12:26:50,6223872","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.335.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6253173","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.285.120, Length: 8.192"
"12:26:50,6254367","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.335.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6257926","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.335.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6259666","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.285.120, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,6260011","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.335.279, Length: 2.920"
"12:26:50,6261220","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:50,6263580","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.338.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6266445","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,6283071","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:26:50,6287535","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.338.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6290689","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.338.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6293105","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.338.199, Length: 2.920"
"12:26:50,6294061","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.244.160, Length: 8.192"
"12:26:50,6296370","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.341.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6299277","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.244.160, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,6312922","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:50,6320213","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.809.438, Length: 16.200"
"12:26:50,6321216","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.341.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6324020","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.341.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6326828","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.341.119, Length: 7.300"
"12:26:50,6330831","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.348.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6345096","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:50,6351436","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Filter: kernel32.dll.mui, 1: kernel32.dll.mui"
"12:26:50,6357067","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:26:50,6363304","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.348.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6366518","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.348.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6368585","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.348.419, Length: 2.920"
"12:26:50,6371734","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.351.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6377929","SavService.exe","1536","CreateFile","C:\Windows\System32\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:50,6383167","SavService.exe","1536","QueryDirectory","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Filter: kernel32.dll.mui, 1: kernel32.dll.mui"
"12:26:50,6388374","SavService.exe","1536","CloseFile","C:\Windows\System32\de-DE","SUCCESS",""
"12:26:50,6390370","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.351.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6394849","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.351.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6398450","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.769.472, Length: 8.192"
"12:26:50,6398879","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.351.339, Length: 4.380"
"12:26:50,6402858","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.355.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6421845","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.355.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6422517","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:50,6426286","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.355.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6429043","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.355.719, Length: 1.460"
"12:26:50,6430508","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:50,6432668","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.357.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6434371","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:50,6439320","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.399.808, Length: 8.192"
"12:26:50,6443304","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.399.808, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,6445585","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:50,6451220","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:50,6454458","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.357.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6456781","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:50,6457257","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.357.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6459627","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.357.179, Length: 1.460"
"12:26:50,6462836","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.358.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6486549","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.358.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6489693","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.358.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6491759","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.358.639, Length: 8.760"
"12:26:50,6493345","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:50,6495379","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.367.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6497385","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:50,6499354","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:50,6505815","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:50,6509785","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:50,6514226","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.367.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6514585","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:50,6517034","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.367.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6519017","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.367.399, Length: 4.380"
"12:26:50,6522180","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.371.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6533679","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.974.272, Length: 8.192"
"12:26:50,6538908","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:50,6540457","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.338.304, Length: 8.192"
"12:26:50,6544936","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:50,6545328","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.338.304, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,6545887","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.371.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6550072","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:50,6550291","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.371.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6552708","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.371.779, Length: 2.920"
"12:26:50,6556286","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.374.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6567108","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.784.832, Length: 8.192"
"12:26:50,6570332","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.374.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6573066","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.784.832, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,6573406","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.374.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6576989","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.374.699, Length: 1.460"
"12:26:50,6580184","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.376.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6600109","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.376.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6604461","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.376.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6606108","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.376.159, Length: 7.300"
"12:26:50,6609266","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.383.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6630342","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.383.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6633519","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.383.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6635549","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.383.459, Length: 1.460"
"12:26:50,6639164","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.384.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6647370","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.362.880, Length: 8.192"
"12:26:50,6652515","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.362.880, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,6659793","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.384.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6662951","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.388.736, EndOfFile: 406.384.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6667821","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.384.919, Length: 4.380, Priority: Normal"
"12:26:50,6671035","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.350.656, Length: 8.192"
"12:26:50,6671269","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 6.656, Length: 4.096"
"12:26:50,6675294","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 4.608, Length: 4.096"
"12:26:50,6675882","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.350.656, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,6681322","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 2.560, Length: 4.096"
"12:26:50,6689033","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.389.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:50,6694957","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 928.256, Length: 2.048"
"12:26:50,6698130","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 925.696, Length: 4.608, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,6718628","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:50,6734386","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.949.696, Length: 8.192"
"12:26:50,6801455","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,6805056","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,6807472","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,6810640","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,6812683","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,6815090","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,6908782","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 8.704, Length: 4.096"
"12:26:50,6917165","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 12.800, Length: 4.096"
"12:26:50,6924382","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 16.896, Length: 4.096"
"12:26:50,6932000","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 20.992, Length: 4.096"
"12:26:50,6932648","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> JansPC:49238","SUCCESS","Length: 24, seqnum: 0, connid: 0"
"12:26:50,6937836","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes207.wohnheim.uni-kl.de:54800","SUCCESS","Length: 24, seqnum: 0, connid: 0"
"12:26:50,6938046","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 25.088, Length: 4.096"
"12:26:50,6943714","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 29.184, Length: 4.096"
"12:26:50,6949251","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 33.280, Length: 4.096"
"12:26:50,6954532","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 37.376, Length: 4.096"
"12:26:50,6960097","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 41.472, Length: 4.096"
"12:26:50,6964982","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 45.568, Length: 4.096"
"12:26:50,6970528","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 49.664, Length: 4.096"
"12:26:50,6975762","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 53.760, Length: 4.096"
"12:26:50,6980968","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 57.856, Length: 4.096"
"12:26:50,6986170","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 61.952, Length: 4.096"
"12:26:50,6991059","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 66.048, Length: 4.096"
"12:26:50,6996666","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 70.144, Length: 4.096"
"12:26:50,7002218","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 74.240, Length: 4.096"
"12:26:50,7007498","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 78.336, Length: 4.096"
"12:26:50,7013073","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 82.432, Length: 4.096"
"12:26:50,7018284","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 86.528, Length: 4.096"
"12:26:50,7023546","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 90.624, Length: 4.096"
"12:26:50,7029923","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 94.720, Length: 4.096"
"12:26:50,7036365","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 98.816, Length: 4.096"
"12:26:50,7042346","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 102.912, Length: 4.096"
"12:26:50,7047580","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 107.008, Length: 4.096"
"12:26:50,7052842","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 111.104, Length: 4.096"
"12:26:50,7058412","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 115.200, Length: 4.096"
"12:26:50,7063637","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 119.296, Length: 4.096"
"12:26:50,7068852","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 123.392, Length: 4.096"
"12:26:50,7074105","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 127.488, Length: 4.096"
"12:26:50,7077245","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 131.072, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,7093325","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 131.584, Length: 4.096"
"12:26:50,7121245","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 135.680, Length: 4.096"
"12:26:50,7131247","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 139.776, Length: 4.096"
"12:26:50,7140120","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 143.872, Length: 4.096"
"12:26:50,7146081","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 147.968, Length: 4.096"
"12:26:50,7151339","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 152.064, Length: 4.096"
"12:26:50,7156932","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 156.160, Length: 4.096"
"12:26:50,7162157","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 160.256, Length: 4.096"
"12:26:50,7167368","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 164.352, Length: 4.096"
"12:26:50,7172985","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 168.448, Length: 4.096"
"12:26:50,7179012","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 172.544, Length: 4.096"
"12:26:50,7184619","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 176.640, Length: 4.096"
"12:26:50,7189849","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 180.736, Length: 4.096"
"12:26:50,7195423","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 184.832, Length: 4.096"
"12:26:50,7200657","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 188.928, Length: 4.096"
"12:26:50,7206293","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 193.024, Length: 4.096"
"12:26:50,7211877","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 197.120, Length: 4.096"
"12:26:50,7217134","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 201.216, Length: 4.096"
"12:26:50,7222765","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 205.312, Length: 4.096"
"12:26:50,7231535","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 209.408, Length: 4.096"
"12:26:50,7238001","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 213.504, Length: 4.096"
"12:26:50,7247634","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 217.600, Length: 4.096"
"12:26:50,7254039","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 221.696, Length: 4.096"
"12:26:50,7259646","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 225.792, Length: 4.096"
"12:26:50,7265240","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 229.888, Length: 4.096"
"12:26:50,7271295","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 233.984, Length: 4.096"
"12:26:50,7277681","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 238.080, Length: 4.096"
"12:26:50,7284109","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 242.176, Length: 4.096"
"12:26:50,7290132","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 246.272, Length: 4.096"
"12:26:50,7296164","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 250.368, Length: 4.096"
"12:26:50,7302541","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 254.464, Length: 4.096"
"12:26:50,7309370","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 258.560, Length: 4.096"
"12:26:50,7315398","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 262.656, Length: 4.096"
"12:26:50,7323804","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 266.752, Length: 4.096"
"12:26:50,7330293","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 270.848, Length: 4.096"
"12:26:50,7337505","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 274.944, Length: 4.096"
"12:26:50,7344698","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 279.040, Length: 4.096"
"12:26:50,7351883","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 283.136, Length: 4.096"
"12:26:50,7359174","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 287.232, Length: 4.096"
"12:26:50,7366363","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 291.328, Length: 4.096"
"12:26:50,7373570","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 295.424, Length: 4.096"
"12:26:50,7381207","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 299.520, Length: 4.096"
"12:26:50,7388424","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 303.616, Length: 4.096"
"12:26:50,7395608","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 307.712, Length: 4.096"
"12:26:50,7402834","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 311.808, Length: 4.096"
"12:26:50,7409719","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 315.904, Length: 4.096"
"12:26:50,7420481","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 320.000, Length: 4.096"
"12:26:50,7428132","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 324.096, Length: 4.096"
"12:26:50,7435321","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 328.192, Length: 4.096"
"12:26:50,7441348","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 332.288, Length: 4.096"
"12:26:50,7446563","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 336.384, Length: 4.096"
"12:26:50,7452227","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 340.480, Length: 4.096"
"12:26:50,7457461","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 344.576, Length: 4.096"
"12:26:50,7464262","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 348.672, Length: 4.096"
"12:26:50,7471456","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 352.768, Length: 4.096"
"12:26:50,7478663","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 356.864, Length: 4.096"
"12:26:50,7485908","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 360.960, Length: 4.096"
"12:26:50,7493503","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 365.056, Length: 4.096"
"12:26:50,7500374","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 369.152, Length: 4.096"
"12:26:50,7507936","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 373.248, Length: 4.096"
"12:26:50,7515228","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 377.344, Length: 4.096"
"12:26:50,7522444","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 381.440, Length: 4.096"
"12:26:50,7531256","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 385.536, Length: 4.096"
"12:26:50,7542117","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 389.632, Length: 4.096"
"12:26:50,7548886","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 393.728, Length: 4.096"
"12:26:50,7554899","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 397.824, Length: 4.096"
"12:26:50,7561304","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 401.920, Length: 4.096"
"12:26:50,7568171","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 406.016, Length: 4.096"
"12:26:50,7575397","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 410.112, Length: 4.096"
"12:26:50,7582245","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 414.208, Length: 4.096"
"12:26:50,7591869","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 418.304, Length: 4.096"
"12:26:50,7598274","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 422.400, Length: 4.096"
"12:26:50,7603499","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 426.496, Length: 4.096"
"12:26:50,7609908","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 430.592, Length: 4.096"
"12:26:50,7615894","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 434.688, Length: 4.096"
"12:26:50,7621911","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 438.784, Length: 4.096"
"12:26:50,7629539","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 442.880, Length: 4.096"
"12:26:50,7635141","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 446.976, Length: 4.096"
"12:26:50,7641187","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 451.072, Length: 4.096"
"12:26:50,7648031","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 455.168, Length: 4.096"
"12:26:50,7654837","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 459.264, Length: 4.096"
"12:26:50,7662072","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 463.360, Length: 4.096"
"12:26:50,7668813","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 467.456, Length: 4.096"
"12:26:50,7674444","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 471.552, Length: 4.096"
"12:26:50,7679673","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 475.648, Length: 4.096"
"12:26:50,7684884","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 479.744, Length: 4.096"
"12:26:50,7690095","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 483.840, Length: 4.096"
"12:26:50,7696500","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 487.936, Length: 4.096"
"12:26:50,7702938","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 492.032, Length: 4.096"
"12:26:50,7709744","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 496.128, Length: 4.096"
"12:26:50,7716961","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 500.224, Length: 4.096"
"12:26:50,7723851","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 504.320, Length: 4.096"
"12:26:50,7731436","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 508.416, Length: 4.096"
"12:26:50,7737044","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 512.512, Length: 4.096"
"12:26:50,7742254","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 516.608, Length: 4.096"
"12:26:50,7751099","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 520.704, Length: 4.096"
"12:26:50,7756357","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 524.800, Length: 4.096"
"12:26:50,7766386","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 528.896, Length: 4.096"
"12:26:50,7772008","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 532.992, Length: 4.096"
"12:26:50,7777219","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 537.088, Length: 4.096"
"12:26:50,7782439","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 541.184, Length: 4.096"
"12:26:50,7784197","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.677.632, Length: 8.192"
"12:26:50,7787654","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 545.280, Length: 4.096"
"12:26:50,7788643","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.333.568, Length: 8.192"
"12:26:50,7792870","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 549.376, Length: 4.096"
"12:26:50,7794652","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.333.568, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,7798080","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 553.472, Length: 4.096"
"12:26:50,7804910","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 557.568, Length: 4.096"
"12:26:50,7810513","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 561.664, Length: 4.096"
"12:26:50,7815723","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 565.760, Length: 4.096"
"12:26:50,7820934","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 569.856, Length: 4.096"
"12:26:50,7828893","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 573.952, Length: 4.096"
"12:26:50,7834929","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 578.048, Length: 4.096"
"12:26:50,7840616","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 582.144, Length: 4.096"
"12:26:50,7847763","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 586.240, Length: 4.096"
"12:26:50,7853818","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 590.336, Length: 4.096"
"12:26:50,7861011","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 594.432, Length: 4.096"
"12:26:50,7862061","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.597.440, Length: 8.192"
"12:26:50,7866684","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 598.528, Length: 4.096"
"12:26:50,7869231","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.395.648, Length: 8.192"
"12:26:50,7872249","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 602.624, Length: 4.096"
"12:26:50,7873719","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.395.648, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,7877483","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 606.720, Length: 4.096"
"12:26:50,7885475","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 610.816, Length: 4.096"
"12:26:50,7891562","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 614.912, Length: 4.096"
"12:26:50,7898756","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 619.008, Length: 4.096"
"12:26:50,7905977","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 623.104, Length: 4.096"
"12:26:50,7919431","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 627.200, Length: 4.096"
"12:26:50,7930268","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 631.296, Length: 4.096"
"12:26:50,7938282","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 635.392, Length: 4.096"
"12:26:50,7945900","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 639.488, Length: 4.096"
"12:26:50,7953476","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 643.584, Length: 4.096"
"12:26:50,7955100","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 2.031.616, Length: 8.192"
"12:26:50,7960726","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 647.680, Length: 4.096"
"12:26:50,7968735","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 651.776, Length: 4.096"
"12:26:50,7976372","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 655.872, Length: 4.096"
"12:26:50,7983985","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 659.968, Length: 4.096"
"12:26:50,7990848","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 664.064, Length: 4.096"
"12:26:50,7998083","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 668.160, Length: 4.096"
"12:26:50,8005304","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 672.256, Length: 4.096"
"12:26:50,8012488","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 676.352, Length: 4.096"
"12:26:50,8019351","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 680.448, Length: 4.096"
"12:26:50,8028102","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 684.544, Length: 4.096"
"12:26:50,8036177","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 688.640, Length: 4.096"
"12:26:50,8043763","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 692.736, Length: 4.096"
"12:26:50,8051007","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 696.832, Length: 4.096"
"12:26:50,8058196","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 700.928, Length: 4.096"
"12:26:50,8065422","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 705.024, Length: 4.096"
"12:26:50,8073451","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 709.120, Length: 4.096"
"12:26:50,8081461","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 713.216, Length: 4.096"
"12:26:50,8088355","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 717.312, Length: 4.096"
"12:26:50,8095553","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 721.408, Length: 4.096"
"12:26:50,8103171","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 725.504, Length: 4.096"
"12:26:50,8110402","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 729.600, Length: 4.096"
"12:26:50,8117577","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 733.696, Length: 4.096"
"12:26:50,8123665","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 737.792, Length: 4.096"
"12:26:50,8132463","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 741.888, Length: 4.096"
"12:26:50,8138481","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 745.984, Length: 4.096"
"12:26:50,8144872","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 750.080, Length: 4.096"
"12:26:50,8150493","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 754.176, Length: 4.096"
"12:26:50,8155760","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 758.272, Length: 4.096"
"12:26:50,8160966","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 762.368, Length: 4.096"
"12:26:50,8166172","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 766.464, Length: 4.096"
"12:26:50,8171369","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 770.560, Length: 4.096"
"12:26:50,8176599","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 774.656, Length: 4.096"
"12:26:50,8181814","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 778.752, Length: 4.096"
"12:26:50,8187426","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 782.848, Length: 4.096"
"12:26:50,8193005","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 786.944, Length: 4.096"
"12:26:50,8198277","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 791.040, Length: 4.096"
"12:26:50,8203478","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 795.136, Length: 4.096"
"12:26:50,8209090","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 799.232, Length: 4.096"
"12:26:50,8214338","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 803.328, Length: 4.096"
"12:26:50,8215943","taskmgr.exe","9948","ReadFile","C:\Windows\System32\imm32.dll","SUCCESS","Offset: 132.608, Length: 14.336, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:50,8219549","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 807.424, Length: 4.096"
"12:26:50,8224765","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 811.520, Length: 4.096"
"12:26:50,8231967","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 815.616, Length: 4.096"
"12:26:50,8239142","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 819.712, Length: 4.096"
"12:26:50,8246415","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 823.808, Length: 4.096"
"12:26:50,8249405","taskmgr.exe","9948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,8253613","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 827.904, Length: 4.096"
"12:26:50,8256669","taskmgr.exe","9948","RegOpenKey","HKLM\SOFTWARE\Microsoft\CTF\KnownClasses","NAME NOT FOUND","Desired Access: Read"
"12:26:50,8260811","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 832.000, Length: 4.096"
"12:26:50,8267664","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 836.096, Length: 4.096"
"12:26:50,8268714","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,8273080","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,8274871","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 840.192, Length: 4.096"
"12:26:50,8276322","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:50,8280348","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:50,8281692","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 844.288, Length: 4.096"
"12:26:50,8283189","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:50,8286758","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:50,8287336","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 848.384, Length: 4.096"
"12:26:50,8294105","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 852.480, Length: 4.096"
"12:26:50,8301392","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 856.576, Length: 4.096"
"12:26:50,8308590","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 860.672, Length: 4.096"
"12:26:50,8315793","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 864.768, Length: 4.096"
"12:26:50,8323005","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 868.864, Length: 4.096"
"12:26:50,8330609","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 872.960, Length: 4.096"
"12:26:50,8338264","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 877.056, Length: 4.096"
"12:26:50,8345490","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 881.152, Length: 4.096"
"12:26:50,8352693","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 885.248, Length: 4.096"
"12:26:50,8359947","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 889.344, Length: 4.096"
"12:26:50,8367164","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 893.440, Length: 4.096"
"12:26:50,8374343","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 897.536, Length: 4.096"
"12:26:50,8381569","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 901.632, Length: 4.096"
"12:26:50,8388054","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 905.728, Length: 4.096"
"12:26:50,8393638","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 909.824, Length: 4.096"
"12:26:50,8399245","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 913.920, Length: 4.096"
"12:26:50,8404866","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 918.016, Length: 4.096"
"12:26:50,8412055","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 922.112, Length: 4.096"
"12:26:50,8419332","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 926.208, Length: 4.096"
"12:26:50,8504338","Explorer.EXE","2816","ReadFile","C:\Windows\System32\shell32.dll","SUCCESS","Offset: 5.038.592, Length: 12.288, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:50,8523600","Explorer.EXE","2816","QueryNameInformationFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","Name: \Users\WONDER~1\AppData\Local\Temp\Procmon64.exe"
"12:26:50,8534875","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\kernel32.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:50,8560855","Explorer.EXE","2816","CreateFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,8567316","Explorer.EXE","2816","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","CreationTime: 06.10.2013 12:25:43, LastAccessTime: 06.10.2013 12:25:43, LastWriteTime: 06.10.2013 12:25:47, ChangeTime: 06.10.2013 12:25:47, FileAttributes: HA"
"12:26:50,8569723","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS",""
"12:26:50,8578945","Explorer.EXE","2816","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,8585392","Explorer.EXE","2816","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:50,8590990","Explorer.EXE","2816","CloseFile","C:\","SUCCESS",""
"12:26:50,8609809","Explorer.EXE","2816","CreateFile","C:\Users","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,8615482","Explorer.EXE","2816","QueryDirectory","C:\Users\WONDER~1","SUCCESS","Filter: WONDER~1, 1: wonderwall"
"12:26:50,8620291","Explorer.EXE","2816","CloseFile","C:\Users","SUCCESS",""
"12:26:50,8638727","Explorer.EXE","2816","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,8645506","Explorer.EXE","2816","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:50,8650325","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:50,8670645","Explorer.EXE","2816","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,8676649","Explorer.EXE","2816","QueryDirectory","C:\Users\wonderwall\AppData\Local","SUCCESS","Filter: Local, 1: Local"
"12:26:50,8680694","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:50,8697539","Explorer.EXE","2816","CreateFile","C:\Users\wonderwall\AppData\Local","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,8703193","Explorer.EXE","2816","QueryDirectory","C:\Users\wonderwall\AppData\Local\Temp","SUCCESS","Filter: Temp, 1: Temp"
"12:26:50,8706804","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local","SUCCESS",""
"12:26:50,8722058","Explorer.EXE","2816","QueryNameInformationFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","Name: \Users\WONDER~1\AppData\Local\Temp\Procmon64.exe"
"12:26:50,8766198","Explorer.EXE","2816","CreateFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,8773760","Explorer.EXE","2816","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","CreationTime: 06.10.2013 12:25:43, LastAccessTime: 06.10.2013 12:25:43, LastWriteTime: 06.10.2013 12:25:47, ChangeTime: 06.10.2013 12:25:47, FileAttributes: HA"
"12:26:50,8777021","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS",""
"12:26:50,8789430","Explorer.EXE","2816","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,8795481","Explorer.EXE","2816","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:50,8800290","Explorer.EXE","2816","CloseFile","C:\","SUCCESS",""
"12:26:50,8818311","Explorer.EXE","2816","CreateFile","C:\Users","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,8822528","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,8824362","Explorer.EXE","2816","QueryDirectory","C:\Users\WONDER~1","SUCCESS","Filter: WONDER~1, 1: wonderwall"
"12:26:50,8827730","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,8830981","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:50,8831541","Explorer.EXE","2816","CloseFile","C:\Users","SUCCESS",""
"12:26:50,8834163","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:50,8836939","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:50,8839336","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:50,8842201","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:50,8857175","Explorer.EXE","2816","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,8864434","Explorer.EXE","2816","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:50,8870013","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:50,8878518","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:50,8878653","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:50,8884218","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,8884717","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,8888505","Explorer.EXE","2816","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,8888585","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:50,8892172","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:50,8894089","Explorer.EXE","2816","QueryDirectory","C:\Users\wonderwall\AppData\Local","SUCCESS","Filter: Local, 1: Local"
"12:26:50,8894971","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:50,8898890","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:50,8899277","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:50,8902328","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:26:50,8902939","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:50,8919360","Explorer.EXE","2816","CreateFile","C:\Users\wonderwall\AppData\Local","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:50,8922411","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:50,8927029","Explorer.EXE","2816","QueryDirectory","C:\Users\wonderwall\AppData\Local\Temp","SUCCESS","Filter: Temp, 1: Temp"
"12:26:50,8930402","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.005.944, Length: 16.200"
"12:26:50,8932207","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local","SUCCESS",""
"12:26:50,8934843","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.019.328, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,8944233","Explorer.EXE","2816","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:50,8944653","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:50,8948245","Explorer.EXE","2816","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,8951478","Explorer.EXE","2816","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,8954259","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 232, Length: 4.096"
"12:26:50,8955467","Explorer.EXE","2816","RegOpenKey","HKCU\Software\Classes\Applications\Procmon64.exe","NAME NOT FOUND","Desired Access: Read"
"12:26:50,8958298","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 4.096, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,8959922","Explorer.EXE","2816","RegOpenKey","HKCR\Applications\Procmon64.exe","NAME NOT FOUND","Desired Access: Read"
"12:26:50,8964144","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:50,8964690","Explorer.EXE","2816","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:50,8968305","Explorer.EXE","2816","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:50,8972359","Explorer.EXE","2816","RegOpenKey","HKCU\Software\Classes\Applications\Procmon64.exe","NAME NOT FOUND","Desired Access: Read"
"12:26:50,8976749","Explorer.EXE","2816","RegOpenKey","HKCR\Applications\Procmon64.exe","NAME NOT FOUND","Desired Access: Read"
"12:26:50,8981339","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\fltMgr.sys.mui","NO SUCH FILE","Filter: fltMgr.sys.mui"
"12:26:50,8985360","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:26:50,8986041","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:50,8992512","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.129.576, Length: 16.200"
"12:26:50,9005802","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:50,9006945","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:50,9010626","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\fltMgr.sys.mui","SUCCESS","Filter: fltMgr.sys.mui, 1: fltmgr.sys.mui"
"12:26:50,9013723","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:50,9015403","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:26:50,9017749","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 8.192, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:50,9033676","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:50,9041298","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:50,9048538","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:50,9050344","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:50,9055424","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:50,9056007","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:50,9058344","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:50,9062594","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:50,9064805","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:50,9068444","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:50,9069451","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:50,9072810","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:50,9076635","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:50,9083465","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:50,9090309","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:50,9097469","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:50,9104080","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:50,9104322","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:50,9107355","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:50,9109309","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:50,9111170","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:50,9116157","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:50,9119171","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:50,9120146","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:50,9123416","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:50,9126388","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:50,9128207","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.056.320, Length: 8.192"
"12:26:50,9136105","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:50,9141008","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:50,9143751","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:50,9145878","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:50,9150655","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:50,9151010","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:50,9158208","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:50,9163824","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:50,9169063","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:50,9174283","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:50,9179830","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:50,9181500","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.359.424, Length: 8.192"
"12:26:50,9185050","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:50,9190331","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:50,9195556","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:50,9200766","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:50,9205973","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:50,9209593","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.219.456, Length: 8.192"
"12:26:50,9212275","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:50,9220280","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:50,9227301","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.941.504, Length: 8.192"
"12:26:50,9228313","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:50,9234756","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:50,9240354","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:50,9246334","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:50,9253168","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:50,9259998","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:50,9267182","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:50,9273657","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:50,9280832","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:50,9282665","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui","SUCCESS","Offset: 4.096, Length: 1.536"
"12:26:50,9288086","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:50,9293880","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:50,9295293","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:50,9302137","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:50,9308985","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:50,9316165","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 184.320, Length: 4.096"
"12:26:50,9323027","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 188.416, Length: 4.096"
"12:26:50,9333010","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 192.512, Length: 4.096"
"12:26:50,9340264","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 196.608, Length: 4.096"
"12:26:50,9347429","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 200.704, Length: 4.096"
"12:26:50,9354702","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 204.800, Length: 4.096"
"12:26:50,9361933","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 208.896, Length: 4.096"
"12:26:50,9369145","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 212.992, Length: 4.096"
"12:26:50,9376744","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 217.088, Length: 4.096"
"12:26:50,9383938","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 221.184, Length: 4.096"
"12:26:50,9390763","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 225.280, Length: 4.096"
"12:26:50,9396771","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 229.376, Length: 4.096"
"12:26:50,9401012","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui","SUCCESS","Offset: 4.096, Length: 1.536"
"12:26:50,9402019","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 233.472, Length: 4.096"
"12:26:50,9407235","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 237.568, Length: 4.096"
"12:26:50,9412436","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 241.664, Length: 4.096"
"12:26:50,9417652","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 245.760, Length: 4.096"
"12:26:50,9419028","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.244.032, Length: 8.192"
"12:26:50,9420633","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:50,9422862","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 249.856, Length: 4.096"
"12:26:50,9428899","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 253.952, Length: 4.096"
"12:26:50,9432734","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui","SUCCESS","Offset: 4.096, Length: 1.536"
"12:26:50,9434147","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 258.048, Length: 4.096"
"12:26:50,9439367","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 262.144, Length: 4.096"
"12:26:50,9444569","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 266.240, Length: 4.096"
"12:26:50,9449775","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 270.336, Length: 4.096"
"12:26:50,9454981","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 274.432, Length: 4.096"
"12:26:50,9460196","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 278.528, Length: 4.096"
"12:26:50,9462370","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.329.536, Length: 8.192"
"12:26:50,9465412","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:50,9470623","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 286.720, Length: 4.096"
"12:26:50,9475819","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 290.816, Length: 4.096"
"12:26:50,9480699","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 294.912, Length: 4.096"
"12:26:50,9485901","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 299.008, Length: 4.096"
"12:26:50,9491102","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 303.104, Length: 4.096"
"12:26:50,9496304","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 307.200, Length: 4.096"
"12:26:50,9501510","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 311.296, Length: 4.096"
"12:26:50,9506706","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 315.392, Length: 4.096"
"12:26:50,9511586","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 319.488, Length: 4.096"
"12:26:50,9517142","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 323.584, Length: 4.096"
"12:26:50,9522358","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 327.680, Length: 4.096"
"12:26:50,9528002","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 331.776, Length: 4.096"
"12:26:50,9533628","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 335.872, Length: 4.096"
"12:26:50,9535835","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.589.376, Length: 8.192"
"12:26:50,9538862","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 339.968, Length: 4.096"
"12:26:50,9544073","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 344.064, Length: 4.096"
"12:26:50,9549270","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 348.160, Length: 4.096"
"12:26:50,9553837","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.196.160, Length: 8.192"
"12:26:50,9554495","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 352.256, Length: 4.096"
"12:26:50,9559701","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 356.352, Length: 4.096"
"12:26:50,9564907","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 360.448, Length: 4.096"
"12:26:50,9570113","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 364.544, Length: 4.096"
"12:26:50,9575310","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 368.640, Length: 4.096"
"12:26:50,9580194","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 372.736, Length: 4.096"
"12:26:50,9585778","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 376.832, Length: 4.096"
"12:26:50,9588787","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.580.480, Length: 8.192"
"12:26:50,9590994","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 380.928, Length: 4.096"
"12:26:50,9596200","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 385.024, Length: 4.096"
"12:26:50,9601411","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 389.120, Length: 4.096"
"12:26:50,9606621","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 393.216, Length: 4.096"
"12:26:50,9607195","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 270.336, Length: 8.192"
"12:26:50,9611828","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 397.312, Length: 4.096"
"12:26:50,9617029","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 401.408, Length: 4.096"
"12:26:50,9622244","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 405.504, Length: 4.096"
"12:26:50,9623779","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:50,9628290","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 409.600, Length: 4.096"
"12:26:50,9640564","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 413.696, Length: 4.096"
"12:26:50,9648574","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 417.792, Length: 4.096"
"12:26:50,9656234","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 421.888, Length: 4.096"
"12:26:50,9663861","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 425.984, Length: 4.096"
"12:26:50,9671451","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 430.080, Length: 4.096"
"12:26:50,9679032","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 434.176, Length: 4.096"
"12:26:50,9682264","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.850.816, Length: 8.192"
"12:26:50,9686309","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 438.272, Length: 4.096"
"12:26:50,9693512","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 442.368, Length: 4.096"
"12:26:50,9700696","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 446.464, Length: 4.096"
"12:26:50,9708999","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 450.560, Length: 4.096"
"12:26:50,9719874","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 454.656, Length: 4.096"
"12:26:50,9721133","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 131.072, Length: 8.192"
"12:26:50,9729950","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 458.752, Length: 4.096"
"12:26:50,9738398","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 462.848, Length: 4.096"
"12:26:50,9746044","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 466.944, Length: 4.096"
"12:26:50,9753625","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 471.040, Length: 4.096"
"12:26:50,9760898","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 475.136, Length: 4.096"
"12:26:50,9762885","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.220.736, Length: 8.192"
"12:26:50,9768502","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 479.232, Length: 4.096"
"12:26:50,9776078","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 483.328, Length: 4.096"
"12:26:50,9783327","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 487.424, Length: 4.096"
"12:26:50,9790586","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 491.520, Length: 4.096"
"12:26:50,9798157","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 495.616, Length: 4.096"
"12:26:50,9805425","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 499.712, Length: 4.096"
"12:26:50,9812992","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 503.808, Length: 4.096"
"12:26:50,9820260","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 507.904, Length: 4.096"
"12:26:50,9827878","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 512.000, Length: 4.096"
"12:26:50,9835463","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 516.096, Length: 4.096"
"12:26:50,9842736","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 520.192, Length: 4.096"
"12:26:50,9849985","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 524.288, Length: 4.096"
"12:26:50,9859133","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 528.384, Length: 4.096"
"12:26:50,9860374","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.450.112, Length: 8.192"
"12:26:50,9865534","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 532.480, Length: 4.096"
"12:26:50,9870810","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 536.576, Length: 4.096"
"12:26:50,9876356","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 540.672, Length: 4.096"
"12:26:50,9881586","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 544.768, Length: 4.096"
"12:26:50,9887646","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 548.864, Length: 4.096"
"12:26:50,9893234","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 552.960, Length: 4.096"
"12:26:50,9898487","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 557.056, Length: 4.096"
"12:26:50,9904029","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 561.152, Length: 4.096"
"12:26:50,9909301","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 565.248, Length: 4.096"
"12:26:50,9914530","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 569.344, Length: 4.096"
"12:26:50,9919746","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 573.440, Length: 4.096"
"12:26:50,9924970","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 577.536, Length: 4.096"
"12:26:50,9931375","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 581.632, Length: 4.096"
"12:26:50,9938149","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 585.728, Length: 4.096"
"12:26:50,9943402","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 589.824, Length: 4.096"
"12:26:50,9949410","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 593.920, Length: 4.096"
"12:26:50,9954630","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 598.016, Length: 4.096"
"12:26:50,9959832","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 602.112, Length: 4.096"
"12:26:50,9965047","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 606.208, Length: 4.096"
"12:26:50,9970258","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 610.304, Length: 4.096"
"12:26:50,9975460","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 614.400, Length: 4.096"
"12:26:50,9980731","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.802.240, Length: 8.192"
"12:26:50,9981114","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 618.496, Length: 4.096"
"12:26:50,9986665","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 622.592, Length: 4.096"
"12:26:50,9991894","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 626.688, Length: 4.096"
"12:26:50,9994717","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:50,9997138","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 630.784, Length: 4.096"
"12:26:50,9997912","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0000338","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976008, endtime: 976008, seqnum: 0, connid: 0"
"12:26:51,0002363","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 634.880, Length: 4.096"
"12:26:51,0004821","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 32.768, Length: 8.192"
"12:26:51,0007583","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 638.976, Length: 4.096"
"12:26:51,0012789","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 643.072, Length: 4.096"
"12:26:51,0017995","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 647.168, Length: 4.096"
"12:26:51,0020048","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.548.416, Length: 8.192"
"12:26:51,0023197","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 651.264, Length: 4.096"
"12:26:51,0024060","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0026000","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0027600","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0028473","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 655.360, Length: 4.096"
"12:26:51,0028879","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0030479","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0033278","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0035251","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976008, endtime: 976008, seqnum: 0, connid: 0"
"12:26:51,0037285","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 659.456, Length: 4.096"
"12:26:51,0046377","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 663.552, Length: 4.096"
"12:26:51,0050897","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.719.744, Length: 8.192"
"12:26:51,0051742","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0053762","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0055329","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0056402","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 667.648, Length: 4.096"
"12:26:51,0057330","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976008, endtime: 976008, seqnum: 0, connid: 0"
"12:26:51,0063586","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 671.744, Length: 4.096"
"12:26:51,0069627","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 675.840, Length: 4.096"
"12:26:51,0076060","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 679.936, Length: 4.096"
"12:26:51,0076989","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.389.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0079788","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.389.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0081826","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.389.299, Length: 2.920"
"12:26:51,0084635","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.392.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0086081","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 684.032, Length: 4.096"
"12:26:51,0091338","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 688.128, Length: 4.096"
"12:26:51,0096540","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 692.224, Length: 4.096"
"12:26:51,0101774","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 696.320, Length: 4.096"
"12:26:51,0108561","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 700.416, Length: 4.096"
"12:26:51,0113917","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.407.296, Length: 8.192"
"12:26:51,0114556","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 704.512, Length: 4.096"
"12:26:51,0119771","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 708.608, Length: 4.096"
"12:26:51,0124977","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 712.704, Length: 4.096"
"12:26:51,0127161","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 11.247.616, Length: 8.192"
"12:26:51,0133799","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 716.800, Length: 4.096"
"12:26:51,0139836","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 720.896, Length: 4.096"
"12:26:51,0147906","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 724.992, Length: 4.096"
"12:26:51,0153462","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 729.088, Length: 4.096"
"12:26:51,0158351","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 733.184, Length: 4.096"
"12:26:51,0163548","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 737.280, Length: 4.096"
"12:26:51,0169122","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 741.376, Length: 4.096"
"12:26:51,0171156","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.392.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0174310","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.392.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0176367","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.392.219, Length: 8.760"
"12:26:51,0177729","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 745.472, Length: 4.096"
"12:26:51,0179936","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.400.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0185837","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 749.568, Length: 4.096"
"12:26:51,0191776","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 753.664, Length: 4.096"
"12:26:51,0197024","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 757.760, Length: 4.096"
"12:26:51,0202239","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 761.856, Length: 4.096"
"12:26:51,0207441","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 765.952, Length: 4.096"
"12:26:51,0210156","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.400.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0212670","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 770.048, Length: 4.096"
"12:26:51,0212950","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.400.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0214587","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.400.979, Length: 4.380"
"12:26:51,0217909","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 774.144, Length: 4.096"
"12:26:51,0218138","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.405.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0223124","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 778.240, Length: 4.096"
"12:26:51,0229487","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 782.336, Length: 4.096"
"12:26:51,0234712","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 786.432, Length: 4.096"
"12:26:51,0239601","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 790.528, Length: 4.096"
"12:26:51,0244803","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 794.624, Length: 4.096"
"12:26:51,0250013","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 798.720, Length: 4.096"
"12:26:51,0255224","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 802.816, Length: 4.096"
"12:26:51,0260435","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 806.912, Length: 4.096"
"12:26:51,0265641","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 811.008, Length: 4.096"
"12:26:51,0270857","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 815.104, Length: 4.096"
"12:26:51,0276067","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 819.200, Length: 4.096"
"12:26:51,0278461","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.818.624, Length: 8.192"
"12:26:51,0281278","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 823.296, Length: 4.096"
"12:26:51,0286480","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 827.392, Length: 4.096"
"12:26:51,0290818","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.638.400, Length: 8.192"
"12:26:51,0291695","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 831.488, Length: 4.096"
"12:26:51,0296887","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 835.584, Length: 4.096"
"12:26:51,0302145","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 839.680, Length: 4.096"
"12:26:51,0302485","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.245.312, Length: 8.192"
"12:26:51,0307370","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 843.776, Length: 4.096"
"12:26:51,0312935","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 847.872, Length: 4.096"
"12:26:51,0318169","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 851.968, Length: 4.096"
"12:26:51,0320152","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.252.224, Length: 8.192"
"12:26:51,0323389","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 856.064, Length: 4.096"
"12:26:51,0331670","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 860.160, Length: 4.096"
"12:26:51,0338826","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 864.256, Length: 4.096"
"12:26:51,0344107","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 868.352, Length: 4.096"
"12:26:51,0349327","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 872.448, Length: 4.096"
"12:26:51,0354537","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 876.544, Length: 4.096"
"12:26:51,0359744","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 880.640, Length: 4.096"
"12:26:51,0364674","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.179.072, Length: 8.192"
"12:26:51,0364968","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 884.736, Length: 4.096"
"12:26:51,0370175","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 888.832, Length: 4.096"
"12:26:51,0375381","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 892.928, Length: 4.096"
"12:26:51,0380587","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 897.024, Length: 4.096"
"12:26:51,0385802","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 901.120, Length: 4.096"
"12:26:51,0391008","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 905.216, Length: 4.096"
"12:26:51,0396205","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 909.312, Length: 4.096"
"12:26:51,0401089","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 913.408, Length: 4.096"
"12:26:51,0404817","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.187.968, Length: 8.192"
"12:26:51,0406300","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 917.504, Length: 4.096"
"12:26:51,0411497","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 921.600, Length: 4.096"
"12:26:51,0416703","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 925.696, Length: 4.096"
"12:26:51,0421905","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 929.792, Length: 4.096"
"12:26:51,0427489","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 933.888, Length: 4.096"
"12:26:51,0433544","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 937.984, Length: 4.096"
"12:26:51,0438773","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 942.080, Length: 4.096"
"12:26:51,0443984","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 946.176, Length: 4.096"
"12:26:51,0449181","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 950.272, Length: 4.096"
"12:26:51,0452498","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.415.488, Length: 8.192"
"12:26:51,0454392","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 954.368, Length: 4.096"
"12:26:51,0459593","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 958.464, Length: 4.096"
"12:26:51,0464473","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 962.560, Length: 4.096"
"12:26:51,0469670","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 966.656, Length: 4.096"
"12:26:51,0474871","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 970.752, Length: 4.096"
"12:26:51,0480082","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 974.848, Length: 4.096"
"12:26:51,0484640","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.776.064, Length: 8.192"
"12:26:51,0485680","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 978.944, Length: 4.096"
"12:26:51,0490905","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 983.040, Length: 4.096"
"12:26:51,0496102","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 987.136, Length: 4.096"
"12:26:51,0500981","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 991.232, Length: 4.096"
"12:26:51,0506183","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 995.328, Length: 4.096"
"12:26:51,0511379","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 999.424, Length: 4.096"
"12:26:51,0516581","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.003.520, Length: 4.096"
"12:26:51,0521815","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.007.616, Length: 4.096"
"12:26:51,0527847","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.011.712, Length: 4.096"
"12:26:51,0534686","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.015.808, Length: 4.096"
"12:26:51,0541483","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.019.904, Length: 4.096"
"12:26:51,0548639","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.024.000, Length: 4.096"
"12:26:51,0555090","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.028.096, Length: 4.096"
"12:26:51,0561892","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.032.192, Length: 4.096"
"12:26:51,0568754","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.036.288, Length: 4.096"
"12:26:51,0575281","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.268.608, Length: 8.192"
"12:26:51,0575607","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.040.384, Length: 4.096"
"12:26:51,0584802","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.044.480, Length: 4.096"
"12:26:51,0591184","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.048.576, Length: 4.096"
"12:26:51,0606429","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.052.672, Length: 4.096"
"12:26:51,0611668","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.056.768, Length: 4.096"
"12:26:51,0616888","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.060.864, Length: 4.096"
"12:26:51,0618651","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.032.320, Length: 8.192"
"12:26:51,0622112","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.064.960, Length: 4.096"
"12:26:51,0627766","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.069.056, Length: 4.096"
"12:26:51,0633299","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.073.152, Length: 4.096"
"12:26:51,0638197","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.077.248, Length: 4.096"
"12:26:51,0643413","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.081.344, Length: 4.096"
"12:26:51,0645139","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.581.184, Length: 8.192"
"12:26:51,0648624","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.085.440, Length: 4.096"
"12:26:51,0653825","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.089.536, Length: 4.096"
"12:26:51,0656708","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0659031","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.093.632, Length: 4.096"
"12:26:51,0659516","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0661532","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976008, endtime: 976008, seqnum: 0, connid: 0"
"12:26:51,0664233","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.097.728, Length: 4.096"
"12:26:51,0669430","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.101.824, Length: 4.096"
"12:26:51,0674631","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.105.920, Length: 4.096"
"12:26:51,0677943","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0679562","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0679888","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.110.016, Length: 4.096"
"12:26:51,0680733","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0681582","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0682748","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0683994","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976008, endtime: 976008, seqnum: 0, connid: 0"
"12:26:51,0685099","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.114.112, Length: 4.096"
"12:26:51,0690310","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.118.208, Length: 4.096"
"12:26:51,0695507","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.122.304, Length: 4.096"
"12:26:51,0700699","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.126.400, Length: 4.096"
"12:26:51,0705588","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.130.496, Length: 4.096"
"12:26:51,0710789","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.134.592, Length: 4.096"
"12:26:51,0715996","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.138.688, Length: 4.096"
"12:26:51,0718594","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.405.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0721216","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.142.784, Length: 4.096"
"12:26:51,0721818","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.405.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0723455","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.405.359, Length: 2.920"
"12:26:51,0726860","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.146.880, Length: 4.096"
"12:26:51,0727024","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.408.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0732426","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.150.976, Length: 4.096"
"12:26:51,0737632","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.155.072, Length: 4.096"
"12:26:51,0742516","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.159.168, Length: 2.048"
"12:26:51,0750129","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.275.538, Length: 16.200"
"12:26:51,0755023","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 14.606.336, Length: 8.192"
"12:26:51,0759128","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.408.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0761960","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.408.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0764012","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.408.279, Length: 4.380"
"12:26:51,0767222","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.412.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0769769","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:51,0775745","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 86.688, Length: 4.096"
"12:26:51,0781352","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 232, Length: 4.096"
"12:26:51,0785429","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.412.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0787902","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.412.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0789847","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.412.659, Length: 2.920"
"12:26:51,0792712","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.415.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,0812384","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.423.680, Length: 8.192"
"12:26:51,0812678","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:51,0837318","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.449.536, Length: 8.192"
"12:26:51,0853193","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 651.264, Length: 4.096"
"12:26:51,0856846","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 663.552, Length: 4.096"
"12:26:51,0861670","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 655.360, Length: 4.096"
"12:26:51,0864870","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 661.504, Length: 4.096"
"12:26:51,0876504","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 667.648, Length: 4.096"
"12:26:51,0888470","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 657.408, Length: 4.096"
"12:26:51,0895892","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.793.472, Length: 8.192"
"12:26:51,0897721","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 669.696, Length: 4.096"
"12:26:51,0930231","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 673.792, Length: 4.096"
"12:26:51,0950659","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 653.312, Length: 4.096"
"12:26:51,0963959","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 677.888, Length: 4.096"
"12:26:51,0973228","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0975682","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,0976377","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 659.456, Length: 4.096"
"12:26:51,0978010","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976009, endtime: 976009, seqnum: 0, connid: 0"
"12:26:51,0983216","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 679.936, Length: 4.096"
"12:26:51,1005753","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 3.284.992, Length: 8.192"
"12:26:51,1016048","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 684.032, Length: 4.096"
"12:26:51,1018218","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.933.312, Length: 8.192"
"12:26:51,1025546","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.415.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1029544","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.415.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1031984","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.415.579, Length: 2.920"
"12:26:51,1035987","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.418.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1047752","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 688.128, Length: 4.096"
"12:26:51,1077850","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 692.224, Length: 4.096"
"12:26:51,1097294","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 15.163.392, Length: 8.192"
"12:26:51,1132986","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.572.416, Length: 8.192"
"12:26:51,1139685","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.013.760, Length: 4.096"
"12:26:51,1144905","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.021.952, Length: 4.096"
"12:26:51,1148114","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 634.880, Length: 4.096"
"12:26:51,1157319","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.024.000, Length: 4.096"
"12:26:51,1181805","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.028.096, Length: 4.096"
"12:26:51,1192180","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 636.928, Length: 4.096"
"12:26:51,1196663","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.030.144, Length: 4.096"
"12:26:51,1206282","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.017.856, Length: 4.096"
"12:26:51,1211036","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.032.192, Length: 4.096"
"12:26:51,1220063","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.325.376, Length: 8.192"
"12:26:51,1240393","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 638.976, Length: 4.096"
"12:26:51,1257164","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.036.288, Length: 4.096"
"12:26:51,1272861","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.019.904, Length: 4.096"
"12:26:51,1291689","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.038.336, Length: 4.096"
"12:26:51,1292972","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,1296135","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,1298164","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976009, endtime: 976009, seqnum: 0, connid: 0"
"12:26:51,1310195","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,1312546","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,1314216","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976009, endtime: 976009, seqnum: 0, connid: 0"
"12:26:51,1327829","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 641.024, Length: 4.096"
"12:26:51,1341539","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:51,1345948","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,1349106","svchost.exe","948","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","REPARSE","Desired Access: Read"
"12:26:51,1352726","svchost.exe","948","RegOpenKey","HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","NAME NOT FOUND","Desired Access: Read"
"12:26:51,1355530","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,1357508","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.042.432, Length: 4.096"
"12:26:51,1364076","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.418.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1367673","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.418.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1370439","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.418.499, Length: 2.920"
"12:26:51,1374054","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.421.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1379130","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.127.936, Length: 4.096"
"12:26:51,1381700","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.813.440, Length: 8.192"
"12:26:51,1388814","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:51,1393228","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 84.992, Length: 4.096"
"12:26:51,1396978","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.784.256, Length: 8.192"
"12:26:51,1420233","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 4.431.872, Length: 8.192"
"12:26:51,1447822","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.024, Length: 4.096"
"12:26:51,1455216","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.421.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1457693","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.421.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1459634","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.421.419, Length: 2.920"
"12:26:51,1462451","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.424.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1465820","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 643.072, Length: 4.096"
"12:26:51,1497509","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 86.688, Length: 4.096"
"12:26:51,1499571","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:51,1507124","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.083.392, Length: 4.096"
"12:26:51,1510758","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 86.688, Length: 4.096"
"12:26:51,1525648","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:51,1530467","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:51,1534876","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:51,1539648","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:51,1543804","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 3.129.344, Length: 8.192"
"12:26:51,1544103","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:51,1548857","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:51,1553293","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:51,1557725","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:51,1562152","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:51,1566901","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:51,1571328","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:51,1575755","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:51,1580182","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:51,1584609","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:51,1589363","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:51,1589521","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 14.262.272, Length: 8.192"
"12:26:51,1593799","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:51,1598254","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:51,1603008","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:51,1607435","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:51,1611871","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:51,1612035","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,1614852","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,1616303","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:51,1616868","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976009, endtime: 976009, seqnum: 0, connid: 0"
"12:26:51,1620716","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:51,1624061","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 2.203.648, Length: 8.192"
"12:26:51,1625134","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:51,1626412","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,1629277","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976009, endtime: 976009, seqnum: 0, connid: 0"
"12:26:51,1629920","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:51,1634707","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:51,1639134","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:51,1643561","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:51,1647339","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.358.848, Length: 8.192"
"12:26:51,1647997","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:51,1652415","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:51,1656833","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:51,1661255","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:51,1665995","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:51,1670426","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:51,1674858","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:51,1677555","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.424.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1679304","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:51,1680377","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.424.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1682332","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.424.339, Length: 2.920"
"12:26:51,1684058","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:51,1685966","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.427.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1688494","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:51,1692916","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:51,1697339","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:51,1701757","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:51,1706165","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:51,1710583","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:51,1714842","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.427.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1715350","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:51,1717650","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.427.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1719596","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.427.259, Length: 1.460"
"12:26:51,1719805","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:51,1722059","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.428.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1724233","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:51,1729411","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 184.320, Length: 4.096"
"12:26:51,1733847","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 188.416, Length: 4.096"
"12:26:51,1736767","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,1738279","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 192.512, Length: 4.096"
"12:26:51,1740014","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,1742412","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,1743028","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 196.608, Length: 4.096"
"12:26:51,1745248","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,1747259","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,1747889","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 200.704, Length: 4.096"
"12:26:51,1749666","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,1752717","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 204.800, Length: 4.096"
"12:26:51,1757144","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 208.896, Length: 4.096"
"12:26:51,1761870","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 212.992, Length: 4.096"
"12:26:51,1766297","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 217.088, Length: 4.096"
"12:26:51,1770724","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 221.184, Length: 4.096"
"12:26:51,1775151","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 225.280, Length: 4.096"
"12:26:51,1779578","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 229.376, Length: 4.096"
"12:26:51,1784005","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 233.472, Length: 4.096"
"12:26:51,1788432","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 237.568, Length: 4.096"
"12:26:51,1793167","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 241.664, Length: 4.096"
"12:26:51,1797594","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 245.760, Length: 4.096"
"12:26:51,1802017","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 249.856, Length: 4.096"
"12:26:51,1806444","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 253.952, Length: 4.096"
"12:26:51,1810871","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 258.048, Length: 4.096"
"12:26:51,1815293","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 262.144, Length: 4.096"
"12:26:51,1820089","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 266.240, Length: 4.096"
"12:26:51,1824521","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 270.336, Length: 4.096"
"12:26:51,1829307","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 274.432, Length: 4.096"
"12:26:51,1833734","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 278.528, Length: 4.096"
"12:26:51,1838157","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:51,1842584","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 286.720, Length: 4.096"
"12:26:51,1847011","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 290.816, Length: 4.096"
"12:26:51,1851741","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 294.912, Length: 4.096"
"12:26:51,1856163","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 299.008, Length: 4.096"
"12:26:51,1860581","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 303.104, Length: 4.096"
"12:26:51,1865004","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 307.200, Length: 4.096"
"12:26:51,1869431","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 311.296, Length: 4.096"
"12:26:51,1873853","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 315.392, Length: 4.096"
"12:26:51,1878280","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 319.488, Length: 4.096"
"12:26:51,1882698","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 323.584, Length: 4.096"
"12:26:51,1887120","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 327.680, Length: 4.096"
"12:26:51,1891547","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 331.776, Length: 4.096"
"12:26:51,1896282","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 335.872, Length: 4.096"
"12:26:51,1900696","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 339.968, Length: 4.096"
"12:26:51,1905118","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 344.064, Length: 4.096"
"12:26:51,1909536","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 348.160, Length: 4.096"
"12:26:51,1913963","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 352.256, Length: 4.096"
"12:26:51,1918399","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 356.352, Length: 4.096"
"12:26:51,1923171","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 360.448, Length: 4.096"
"12:26:51,1927622","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 364.544, Length: 4.096"
"12:26:51,1932180","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,1933211","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 368.640, Length: 4.096"
"12:26:51,1934512","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,1937008","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,1937726","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,1938030","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 372.736, Length: 4.096"
"12:26:51,1940539","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976010, endtime: 976010, seqnum: 0, connid: 0"
"12:26:51,1940609","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,1942475","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 376.832, Length: 4.096"
"12:26:51,1944621","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,1947224","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 380.928, Length: 4.096"
"12:26:51,1947779","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,1951031","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,1951665","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 385.024, Length: 4.096"
"12:26:51,1956088","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 389.120, Length: 4.096"
"12:26:51,1957039","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,1959782","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,1960515","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 393.216, Length: 4.096"
"12:26:51,1961396","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,1963006","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976010, endtime: 976010, seqnum: 0, connid: 0"
"12:26:51,1964947","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 397.312, Length: 4.096"
"12:26:51,1969374","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 401.408, Length: 4.096"
"12:26:51,1974104","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 405.504, Length: 4.096"
"12:26:51,1978536","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 409.600, Length: 4.096"
"12:26:51,1982958","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 413.696, Length: 4.096"
"12:26:51,1987376","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 417.792, Length: 4.096"
"12:26:51,1991803","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 421.888, Length: 4.096"
"12:26:51,1994681","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.428.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,1996244","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 425.984, Length: 4.096"
"12:26:51,1998297","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.428.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2000312","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.428.719, Length: 2.920"
"12:26:51,2000998","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 430.080, Length: 4.096"
"12:26:51,2003153","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.431.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2005434","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 434.176, Length: 4.096"
"12:26:51,2009861","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 438.272, Length: 4.096"
"12:26:51,2014288","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 442.368, Length: 4.096"
"12:26:51,2018706","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 446.464, Length: 4.096"
"12:26:51,2023124","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 450.560, Length: 4.096"
"12:26:51,2027863","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 454.656, Length: 4.096"
"12:26:51,2032295","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 458.752, Length: 4.096"
"12:26:51,2036349","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.431.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2036750","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 462.848, Length: 4.096"
"12:26:51,2039932","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.431.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2041527","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 466.944, Length: 4.096"
"12:26:51,2041975","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.431.639, Length: 4.380"
"12:26:51,2046766","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 471.040, Length: 4.096"
"12:26:51,2047998","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.436.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2051207","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 475.136, Length: 4.096"
"12:26:51,2055629","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 479.232, Length: 4.096"
"12:26:51,2060374","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 483.328, Length: 4.096"
"12:26:51,2064792","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 487.424, Length: 4.096"
"12:26:51,2069209","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 491.520, Length: 4.096"
"12:26:51,2073627","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 495.616, Length: 4.096"
"12:26:51,2078054","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 499.712, Length: 4.096"
"12:26:51,2082477","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 503.808, Length: 4.096"
"12:26:51,2086904","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 507.904, Length: 4.096"
"12:26:51,2091321","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 512.000, Length: 4.096"
"12:26:51,2095744","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 516.096, Length: 4.096"
"12:26:51,2100171","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 520.192, Length: 4.096"
"12:26:51,2104911","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 524.288, Length: 4.096"
"12:26:51,2109333","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 528.384, Length: 4.096"
"12:26:51,2113760","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 532.480, Length: 4.096"
"12:26:51,2118187","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 536.576, Length: 4.096"
"12:26:51,2122614","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 540.672, Length: 4.096"
"12:26:51,2127363","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 544.768, Length: 4.096"
"12:26:51,2131823","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 548.864, Length: 4.096"
"12:26:51,2136250","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 552.960, Length: 4.096"
"12:26:51,2140668","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 557.056, Length: 4.096"
"12:26:51,2145086","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 561.152, Length: 4.096"
"12:26:51,2149499","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 565.248, Length: 4.096"
"12:26:51,2153912","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 569.344, Length: 4.096"
"12:26:51,2157056","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,2158334","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 573.440, Length: 4.096"
"12:26:51,2160667","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,2163097","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 577.536, Length: 4.096"
"12:26:51,2163815","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,2167566","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 581.632, Length: 4.096"
"12:26:51,2169357","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,2171779","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,2172310","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 585.728, Length: 4.096"
"12:26:51,2174204","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,2176738","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 589.824, Length: 4.096"
"12:26:51,2181165","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 593.920, Length: 4.096"
"12:26:51,2185587","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 598.016, Length: 4.096"
"12:26:51,2190014","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 602.112, Length: 4.096"
"12:26:51,2194432","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 606.208, Length: 4.096"
"12:26:51,2198850","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 610.304, Length: 4.096"
"12:26:51,2203267","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 614.400, Length: 4.096"
"12:26:51,2207694","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 618.496, Length: 4.096"
"12:26:51,2212415","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 622.592, Length: 4.096"
"12:26:51,2216838","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 626.688, Length: 4.096"
"12:26:51,2221256","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 630.784, Length: 4.096"
"12:26:51,2225669","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 634.880, Length: 4.096"
"12:26:51,2230138","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 638.976, Length: 4.096"
"12:26:51,2234551","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 643.072, Length: 4.096"
"12:26:51,2238959","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 647.168, Length: 4.096"
"12:26:51,2243386","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 651.264, Length: 4.096"
"12:26:51,2247790","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 655.360, Length: 4.096"
"12:26:51,2252203","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 659.456, Length: 4.096"
"12:26:51,2256612","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 663.552, Length: 4.096"
"12:26:51,2259989","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,2261020","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 667.648, Length: 4.096"
"12:26:51,2263194","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,2265219","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976010, endtime: 976010, seqnum: 0, connid: 0"
"12:26:51,2265424","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 671.744, Length: 4.096"
"12:26:51,2269837","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 675.840, Length: 4.096"
"12:26:51,2274250","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 679.936, Length: 4.096"
"12:26:51,2278658","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 684.032, Length: 4.096"
"12:26:51,2279848","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,2282698","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,2283109","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 688.128, Length: 4.096"
"12:26:51,2285110","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976010, endtime: 976010, seqnum: 0, connid: 0"
"12:26:51,2287508","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 692.224, Length: 4.096"
"12:26:51,2291912","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 696.320, Length: 4.096"
"12:26:51,2296339","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 700.416, Length: 4.096"
"12:26:51,2300757","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 704.512, Length: 4.096"
"12:26:51,2305170","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 708.608, Length: 4.096"
"12:26:51,2309597","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 712.704, Length: 4.096"
"12:26:51,2314332","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 716.800, Length: 4.096"
"12:26:51,2318749","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 720.896, Length: 4.096"
"12:26:51,2323172","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 724.992, Length: 4.096"
"12:26:51,2328023","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 729.088, Length: 4.096"
"12:26:51,2332814","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 733.184, Length: 4.096"
"12:26:51,2336318","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.436.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2337260","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 737.280, Length: 4.096"
"12:26:51,2339929","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.436.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2341948","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.436.019, Length: 2.920"
"12:26:51,2342018","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 741.376, Length: 4.096"
"12:26:51,2345158","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.438.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2346464","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 745.472, Length: 4.096"
"12:26:51,2350891","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 749.568, Length: 4.096"
"12:26:51,2355309","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 753.664, Length: 4.096"
"12:26:51,2359722","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 757.760, Length: 4.096"
"12:26:51,2364135","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 761.856, Length: 4.096"
"12:26:51,2368548","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 765.952, Length: 4.096"
"12:26:51,2370512","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.438.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2372985","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 770.048, Length: 4.096"
"12:26:51,2373703","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.438.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2376087","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.438.939, Length: 1.460"
"12:26:51,2377771","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 774.144, Length: 4.096"
"12:26:51,2379306","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.440.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2382198","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 778.240, Length: 4.096"
"12:26:51,2386616","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 782.336, Length: 4.096"
"12:26:51,2391043","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 786.432, Length: 4.096"
"12:26:51,2395773","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 790.528, Length: 4.096"
"12:26:51,2399151","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,2400205","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 794.624, Length: 4.096"
"12:26:51,2402743","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,2404637","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 798.720, Length: 4.096"
"12:26:51,2405164","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,2408201","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.440.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2409115","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,2410515","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 802.816, Length: 4.096"
"12:26:51,2411191","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,2412558","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.440.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2413594","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,2414559","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.440.399, Length: 1.460"
"12:26:51,2416962","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.441.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2418496","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 806.912, Length: 4.096"
"12:26:51,2423665","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 811.008, Length: 4.096"
"12:26:51,2428531","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 815.104, Length: 4.096"
"12:26:51,2432977","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 819.200, Length: 4.096"
"12:26:51,2437726","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 823.296, Length: 4.096"
"12:26:51,2442153","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 827.392, Length: 4.096"
"12:26:51,2446584","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 831.488, Length: 4.096"
"12:26:51,2451011","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 835.584, Length: 4.096"
"12:26:51,2455439","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 839.680, Length: 4.096"
"12:26:51,2459866","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 843.776, Length: 4.096"
"12:26:51,2464601","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 847.872, Length: 4.096"
"12:26:51,2469028","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 851.968, Length: 4.096"
"12:26:51,2473459","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 856.064, Length: 4.096"
"12:26:51,2477891","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 860.160, Length: 4.096"
"12:26:51,2482314","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 864.256, Length: 4.096"
"12:26:51,2486731","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 868.352, Length: 4.096"
"12:26:51,2491158","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 872.448, Length: 4.096"
"12:26:51,2495893","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 876.544, Length: 4.096"
"12:26:51,2500316","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 880.640, Length: 4.096"
"12:26:51,2504738","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 884.736, Length: 4.096"
"12:26:51,2509165","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 888.832, Length: 4.096"
"12:26:51,2513592","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 892.928, Length: 4.096"
"12:26:51,2518024","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 897.024, Length: 4.096"
"12:26:51,2522451","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 901.120, Length: 4.096"
"12:26:51,2527233","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 905.216, Length: 4.096"
"12:26:51,2532015","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 909.312, Length: 4.096"
"12:26:51,2536442","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 913.408, Length: 4.096"
"12:26:51,2540873","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 917.504, Length: 4.096"
"12:26:51,2545296","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 921.600, Length: 4.096"
"12:26:51,2549718","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 925.696, Length: 4.096"
"12:26:51,2554458","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 929.792, Length: 4.096"
"12:26:51,2558894","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 933.888, Length: 4.096"
"12:26:51,2563312","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 937.984, Length: 4.096"
"12:26:51,2567739","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 942.080, Length: 4.096"
"12:26:51,2572166","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 946.176, Length: 4.096"
"12:26:51,2576598","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 950.272, Length: 4.096"
"12:26:51,2577871","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,2581086","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976010, endtime: 976010, seqnum: 0, connid: 0"
"12:26:51,2581361","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 954.368, Length: 4.096"
"12:26:51,2585783","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 958.464, Length: 4.096"
"12:26:51,2590215","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 962.560, Length: 4.096"
"12:26:51,2594642","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 966.656, Length: 4.096"
"12:26:51,2598374","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,2599060","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 970.752, Length: 4.096"
"12:26:51,2600786","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,2602377","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,2603487","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 974.848, Length: 4.096"
"12:26:51,2603935","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,2605931","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976010, endtime: 976010, seqnum: 0, connid: 0"
"12:26:51,2607909","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 978.944, Length: 4.096"
"12:26:51,2612644","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 983.040, Length: 4.096"
"12:26:51,2617076","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 987.136, Length: 4.096"
"12:26:51,2621909","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 991.232, Length: 4.096"
"12:26:51,2626523","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,2630563","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 995.328, Length: 4.096"
"12:26:51,2631351","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,2633455","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.441.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2634966","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,2636674","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.441.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2638526","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 999.424, Length: 4.096"
"12:26:51,2638661","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.441.859, Length: 1.460"
"12:26:51,2638978","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,2642193","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,2642617","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.443.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2644609","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.003.520, Length: 4.096"
"12:26:51,2646792","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,2649778","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.007.616, Length: 4.096"
"12:26:51,2654242","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.011.712, Length: 4.096"
"12:26:51,2658665","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.015.808, Length: 4.096"
"12:26:51,2663404","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.019.904, Length: 4.096"
"12:26:51,2667813","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.024.000, Length: 4.096"
"12:26:51,2672655","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.028.096, Length: 4.096"
"12:26:51,2674180","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.443.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2676984","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.443.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2677856","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.032.192, Length: 4.096"
"12:26:51,2679027","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.443.319, Length: 1.460"
"12:26:51,2681850","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.444.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2682321","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.036.288, Length: 4.096"
"12:26:51,2686729","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.040.384, Length: 4.096"
"12:26:51,2691142","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.044.480, Length: 4.096"
"12:26:51,2695546","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.048.576, Length: 4.096"
"12:26:51,2699964","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.052.672, Length: 4.096"
"12:26:51,2704368","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.056.768, Length: 4.096"
"12:26:51,2709159","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.060.864, Length: 4.096"
"12:26:51,2710810","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.444.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2713950","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.444.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2714416","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.064.960, Length: 4.096"
"12:26:51,2715993","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.444.779, Length: 4.380"
"12:26:51,2719202","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.449.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,2719967","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.069.056, Length: 4.096"
"12:26:51,2724432","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.073.152, Length: 4.096"
"12:26:51,2730058","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.077.248, Length: 4.096"
"12:26:51,2734863","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.081.344, Length: 4.096"
"12:26:51,2739285","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.085.440, Length: 4.096"
"12:26:51,2746488","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.089.536, Length: 4.096"
"12:26:51,2750924","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.093.632, Length: 4.096"
"12:26:51,2755323","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.097.728, Length: 4.096"
"12:26:51,2759732","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.101.824, Length: 4.096"
"12:26:51,2764136","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.105.920, Length: 4.096"
"12:26:51,2768549","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.110.016, Length: 4.096"
"12:26:51,2772952","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.114.112, Length: 4.096"
"12:26:51,2777356","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.118.208, Length: 4.096"
"12:26:51,2781755","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.122.304, Length: 4.096"
"12:26:51,2786154","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.126.400, Length: 4.096"
"12:26:51,2790250","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.130.496, Length: 4.096"
"12:26:51,2794645","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.134.592, Length: 4.096"
"12:26:51,2799048","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.138.688, Length: 4.096"
"12:26:51,2803452","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.142.784, Length: 4.096"
"12:26:51,2807861","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.146.880, Length: 4.096"
"12:26:51,2812264","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.150.976, Length: 4.096"
"12:26:51,2816668","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.155.072, Length: 4.096"
"12:26:51,2821072","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.159.168, Length: 2.048"
"12:26:51,2844014","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 86.688, Length: 4.096"
"12:26:51,2856185","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,2859456","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,2861867","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,2865021","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,2867036","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,2868048","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 1.087.488, Length: 4.096"
"12:26:51,2869425","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,2940608","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,2943822","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976011, endtime: 976011, seqnum: 0, connid: 0"
"12:26:51,2951538","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 89.088, Length: 4.096"
"12:26:51,2957178","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 93.184, Length: 4.096"
"12:26:51,2962725","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 97.280, Length: 4.096"
"12:26:51,2963191","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,2965589","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,2966811","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,2967991","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,2969148","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 140.288, Length: 4.096"
"12:26:51,2969624","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976011, endtime: 976011, seqnum: 0, connid: 0"
"12:26:51,2975969","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 99.328, Length: 4.096"
"12:26:51,2987258","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 136.192, Length: 4.096"
"12:26:51,2997670","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.449.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3000838","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.449.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3002895","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.449.159, Length: 1.460"
"12:26:51,3006454","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.450.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3012062","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 111.616, Length: 4.096"
"12:26:51,3039193","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.450.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3041992","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.454.272, EndOfFile: 406.450.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3046797","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.450.619, Length: 4.380, Priority: Normal"
"12:26:51,3067720","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.454.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3075450","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.454.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3078272","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.454.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3079919","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.454.999, Length: 1.460"
"12:26:51,3082993","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,3083124","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.456.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3086594","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,3089015","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,3091838","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,3093862","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,3096237","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,3255500","SavService.exe","1536","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:51,3317129","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,3320334","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976011, endtime: 976011, seqnum: 0, connid: 0"
"12:26:51,3330583","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,3335020","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,3336396","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,3338229","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,3338383","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,3339568","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,3340417","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,3341816","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,3341980","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976011, endtime: 976011, seqnum: 0, connid: 0"
"12:26:51,3346635","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,3351174","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,3447913","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.456.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3453240","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.456.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3455656","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.456.459, Length: 1.460"
"12:26:51,3458460","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.457.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3482587","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.457.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3485410","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.457.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3487043","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.457.919, Length: 5.840"
"12:26:51,3491414","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.463.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3564398","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,3567985","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,3570397","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,3573228","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,3575244","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,3577623","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,3645149","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,3647990","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,3650327","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976011, endtime: 976011, seqnum: 0, connid: 0"
"12:26:51,3695951","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,3698358","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,3700345","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976011, endtime: 976011, seqnum: 0, connid: 0"
"12:26:51,3708411","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,3710757","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976011, endtime: 976011, seqnum: 0, connid: 0"
"12:26:51,3767241","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.463.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3770063","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.463.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3773343","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.463.759, Length: 2.920"
"12:26:51,3782090","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.466.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3796169","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.466.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3798170","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.466.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3799761","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.466.679, Length: 2.920"
"12:26:51,3802191","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.469.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3822638","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,3829864","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,3833475","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:51,3836675","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:51,3839105","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:51,3841550","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:51,3844675","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:51,3850661","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.469.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3853455","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.469.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3855111","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.469.599, Length: 1.460"
"12:26:51,3858251","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.471.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,3865575","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,3869213","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,3872372","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,3875973","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,3878408","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,3881249","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,3888009","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:51,3899237","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 232, Length: 4.096"
"12:26:51,3902512","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 4.096, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:51,3941260","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:51,3950688","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 380.436, Length: 16.200"
"12:26:51,3955138","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 376.832, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:51,3972893","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,3976056","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976012, endtime: 976012, seqnum: 0, connid: 0"
"12:26:51,3982125","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:51,3986505","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:51,3989318","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976012, endtime: 976012, seqnum: 0, connid: 0"
"12:26:51,3990480","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:51,3999880","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 8.192, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:51,4017425","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:51,4024730","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:51,4032736","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:51,4039929","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:51,4046796","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:51,4051088","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.471.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,4053961","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:51,4054246","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.471.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,4055883","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.471.059, Length: 1.460"
"12:26:51,4058668","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.472.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,4061159","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:51,4067980","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:51,4074049","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:51,4080463","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:51,4087237","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:51,4093716","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:51,4101283","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:51,4106923","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:51,4113393","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:51,4120209","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:51,4121063","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.472.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,4123871","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.472.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,4125522","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.472.519, Length: 1.460"
"12:26:51,4126558","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:51,4130337","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.473.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:51,4133835","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:51,4140245","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:51,4146221","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:51,4151436","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:51,4156325","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:51,4161522","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:51,4166724","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:51,4171930","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:51,4177127","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:51,4182729","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:51,4187623","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:51,4192824","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:51,4198035","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:51,4199435","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,4203246","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:51,4203409","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,4205844","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,4208466","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:51,4208704","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,4211088","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,4213486","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,4214064","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:51,4219275","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:51,4225764","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:51,4232621","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:51,4238243","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:51,4244279","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:51,4251081","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:51,4259744","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:51,4266177","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:51,4271761","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:51,4277000","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 184.320, Length: 4.096"
"12:26:51,4282224","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 188.416, Length: 4.096"
"12:26:51,4287818","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 192.512, Length: 4.096"
"12:26:51,4293056","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 196.608, Length: 4.096"
"12:26:51,4298281","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 200.704, Length: 4.096"
"12:26:51,4303483","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 204.800, Length: 4.096"
"12:26:51,4308689","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 208.896, Length: 4.096"
"12:26:51,4313895","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 212.992, Length: 4.096"
"12:26:51,4319106","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 217.088, Length: 4.096"
"12:26:51,4324321","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 221.184, Length: 4.096"
"12:26:51,4329896","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 225.280, Length: 4.096"
"12:26:51,4335121","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 229.376, Length: 4.096"
"12:26:51,4344367","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 233.472, Length: 4.096"
"12:26:51,4352764","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 237.568, Length: 4.096"
"12:26:51,4360391","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 241.664, Length: 4.096"
"12:26:51,4367640","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 245.760, Length: 4.096"
"12:26:51,4374871","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 249.856, Length: 4.096"
"12:26:51,4382074","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 253.952, Length: 4.096"
"12:26:51,4388955","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 258.048, Length: 4.096"
"12:26:51,4396097","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 262.144, Length: 4.096"
"12:26:51,4402997","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 266.240, Length: 4.096"
"12:26:51,4410199","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 270.336, Length: 4.096"
"12:26:51,4417402","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 274.432, Length: 4.096"
"12:26:51,4424605","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 278.528, Length: 4.096"
"12:26:51,4432260","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:51,4439458","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 286.720, Length: 4.096"
"12:26:51,4446656","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 290.816, Length: 4.096"
"12:26:51,4453532","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 294.912, Length: 4.096"
"12:26:51,4459938","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 299.008, Length: 4.096"
"12:26:51,4466380","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 303.104, Length: 4.096"
"12:26:51,4471955","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 307.200, Length: 4.096"
"12:26:51,4477156","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 311.296, Length: 4.096"
"12:26:51,4482348","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 315.392, Length: 4.096"
"12:26:51,4489178","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 319.488, Length: 4.096"
"12:26:51,4495629","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 323.584, Length: 4.096"
"12:26:51,4500873","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 327.680, Length: 4.096"
"12:26:51,4506074","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 331.776, Length: 4.096"
"12:26:51,4511271","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 335.872, Length: 4.096"
"12:26:51,4516473","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 339.968, Length: 4.096"
"12:26:51,4521348","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 344.064, Length: 4.096"
"12:26:51,4527309","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 348.160, Length: 4.096"
"12:26:51,4533351","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 352.256, Length: 4.096"
"12:26:51,4538580","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 356.352, Length: 4.096"
"12:26:51,4543782","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 360.448, Length: 4.096"
"12:26:51,4548983","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 364.544, Length: 4.096"
"12:26:51,4554184","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 368.640, Length: 4.096"
"12:26:51,4559059","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 372.736, Length: 4.096"
"12:26:51,4564252","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 376.832, Length: 4.096"
"12:26:51,4569448","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 380.928, Length: 4.096"
"12:26:51,4574622","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 385.024, Length: 4.096"
"12:26:51,4579842","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 389.120, Length: 4.096"
"12:26:51,4583882","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,4585081","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 393.216, Length: 4.096"
"12:26:51,4588645","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,4590306","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 397.312, Length: 4.096"
"12:26:51,4592293","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,4596295","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,4596715","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 401.408, Length: 4.096"
"12:26:51,4599132","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,4602290","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,4602756","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 405.504, Length: 4.096"
"12:26:51,4608331","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 409.600, Length: 4.096"
"12:26:51,4613215","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 413.696, Length: 4.096"
"12:26:51,4618412","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 417.792, Length: 4.096"
"12:26:51,4623614","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 421.888, Length: 2.560"
"12:26:51,4632799","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.068.774, Length: 16.200"
"12:26:51,4637282","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:51,4640823","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:51,4640879","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:51,4643664","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:51,4647289","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:51,4651711","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:51,4665734","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 7.040, Length: 4.096"
"12:26:51,4671798","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 232, Length: 4.096"
"12:26:51,4705424","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:51,4749569","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 305.664, Length: 4.096"
"12:26:51,4753571","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 311.808, Length: 4.096"
"12:26:51,4758050","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 307.712, Length: 4.096"
"12:26:51,4773626","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 315.904, Length: 4.096"
"12:26:51,4807793","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 320.000, Length: 4.096"
"12:26:51,4823835","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,4828645","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,4831901","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,4837140","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,4839519","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,4841931","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,4845887","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 324.096, Length: 4.096"
"12:26:51,4892439","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 348.672, Length: 4.096"
"12:26:51,4897249","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 352.768, Length: 4.096"
"12:26:51,4900467","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 303.616, Length: 4.096"
"12:26:51,4908426","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 354.816, Length: 4.096"
"12:26:51,4939359","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 358.912, Length: 4.096"
"12:26:51,4960254","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 363.008, Length: 4.096"
"12:26:51,4975037","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 422.400, Length: 2.048"
"12:26:51,4984274","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:51,4988347","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 5.120, Length: 4.096"
"12:26:51,5013533","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 17.408, Length: 4.096"
"12:26:51,5033592","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 1.024, Length: 4.096"
"12:26:51,5039638","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 29.696, Length: 4.096"
"12:26:51,5094186","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 7.040, Length: 4.096"
"12:26:51,5096668","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:51,5104636","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 389.632, Length: 4.096"
"12:26:51,5108690","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 7.040, Length: 4.096"
"12:26:51,5119788","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,5123366","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,5125787","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,5129370","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,5131390","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,5133773","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,5158031","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 393.728, Length: 4.096"
"12:26:51,5214604","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 9.216, Length: 4.096"
"12:26:51,5219819","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 13.312, Length: 4.096"
"12:26:51,5246713","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 23.552, Length: 4.096"
"12:26:51,5353882","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,5357143","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,5359559","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,5362699","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,5364709","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,5366767","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,5405169","SavService.exe","1536","ReadFile","C:\Windows\System32\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:51,5616144","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,5620622","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,5624564","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,5631034","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,5634253","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,5637845","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,5735008","taskhost.exe","2568","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,5738199","taskhost.exe","2568","RegOpenKey","HKCU\AppEvents\Schemes\","SUCCESS","Desired Access: Query Value"
"12:26:51,5741837","taskhost.exe","2568","RegQueryValue","HKCU\AppEvents\Schemes\(Default)","SUCCESS","Type: REG_SZ, Length: 18, Data: .Default"
"12:26:51,5745789","taskhost.exe","2568","RegCloseKey","HKCU\AppEvents\Schemes","SUCCESS",""
"12:26:51,5750230","taskhost.exe","2568","RegOpenKey","HKCU","SUCCESS","Desired Access: Query Value"
"12:26:51,5766151","taskhost.exe","2568","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,5770145","taskhost.exe","2568","RegOpenKey","HKCU\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current","SUCCESS","Desired Access: Query Value"
"12:26:51,5775710","taskhost.exe","2568","RegQueryValue","HKCU\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current\(Default)","SUCCESS","Type: REG_SZ, Length: 0"
"12:26:51,5779377","taskhost.exe","2568","RegCloseKey","HKCU\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current","SUCCESS",""
"12:26:51,5782614","taskhost.exe","2568","RegCloseKey","HKCU","SUCCESS",""
"12:26:51,5785828","taskhost.exe","2568","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,5789392","taskhost.exe","2568","RegOpenKey","HKCU\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current","SUCCESS","Desired Access: Query Value"
"12:26:51,5793414","taskhost.exe","2568","RegQueryValue","HKCU\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current\Default Flags","NAME NOT FOUND","Length: 144"
"12:26:51,5796982","taskhost.exe","2568","RegCloseKey","HKCU\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current","SUCCESS",""
"12:26:51,5801787","taskhost.exe","2568","RegOpenKey","HKCU","SUCCESS","Desired Access: Query Value"
"12:26:51,5805818","taskhost.exe","2568","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,5809055","taskhost.exe","2568","RegOpenKey","HKCU\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current\Active","NAME NOT FOUND","Desired Access: Query Value"
"12:26:51,5812703","taskhost.exe","2568","RegCloseKey","HKCU","SUCCESS",""
"12:26:51,5900046","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.334.272, Length: 8.192"
"12:26:51,5917321","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,5920894","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,5923343","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,5926553","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,5929328","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,5932529","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,6256639","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,6261103","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,6264667","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,6268656","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,6271459","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,6274347","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,6493947","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,6498682","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,6501957","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,6505927","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,6508754","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,6511959","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,6726899","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,6730869","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,6733299","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,6736145","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,6738477","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,6740544","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,6947572","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,6950833","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,6953240","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,6956053","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,6958059","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,6960428","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,7167410","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,7170666","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,7173069","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,7175858","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,7177864","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,7180229","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,7369404","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,7372670","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,7375077","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,7377895","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,7380218","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,7382266","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,7631694","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,7636098","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,7639363","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,7643338","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,7646155","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,7649342","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,7867953","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,7871540","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,7873985","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,7877138","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,7879163","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,7881229","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,8085836","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,8089438","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,8091859","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,8095012","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,8097032","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,8099411","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,8302773","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,8306379","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,8308809","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,8311632","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,8313652","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,8316026","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,8524626","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,8529039","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,8532272","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,8536275","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,8539074","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,8542269","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,8750925","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,8754167","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,8756565","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,8759817","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,8762588","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,8764976","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,8990748","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,8994364","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,8996799","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,8999985","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,9002033","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,9004431","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,9208758","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,9212018","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,9214426","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,9217248","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,9219608","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,9221670","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,9429622","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,9434012","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,9436480","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,9439661","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,9441690","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,9444084","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,9650650","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,9655044","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,9657465","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,9660614","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,9662629","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,9665018","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,9887235","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,9890841","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,9893272","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:51,9896425","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:51,9898450","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:51,9900824","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:51,9932131","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:51,9936642","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:51,9939894","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:51,9943066","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:51,9945478","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:51,9947530","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:51,9949933","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:51,9986469","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:51,9990877","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:52,0009118","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:26:52,0030007","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:52,0036823","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.699.466, Length: 16.200"
"12:26:52,0060073","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,0065653","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\SHLWAPI.dll.mui","SUCCESS","Filter: SHLWAPI.dll.mui, 1: shlwapi.dll.mui"
"12:26:52,0070896","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:26:52,0090153","SavService.exe","1536","CreateFile","C:\Windows\System32\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,0094184","SavService.exe","1536","QueryDirectory","C:\Windows\System32\de-DE\SHLWAPI.dll.mui","SUCCESS","Filter: SHLWAPI.dll.mui, 1: shlwapi.dll.mui"
"12:26:52,0098182","SavService.exe","1536","CloseFile","C:\Windows\System32\de-DE","SUCCESS",""
"12:26:52,0125094","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,0132330","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:52,0133374","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,0134690","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:52,0137844","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,0140624","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,0141562","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,0143791","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,0145844","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,0145933","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:52,0148242","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,0149529","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:52,0176852","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,0180407","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:52,0182040","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:52,0188468","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,0192919","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:52,0197290","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:52,0211313","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,0214947","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:52,0218161","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:52,0344522","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 4.096, Length: 512"
"12:26:52,0354981","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:52,0359030","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,0362706","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,0367082","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,0372395","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,0377494","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,0382621","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,0460876","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 4.096, Length: 512"
"12:26:52,0478113","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:52,0491357","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 4.096, Length: 512"
"12:26:52,0614905","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,0619318","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,0622584","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,0626600","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,0629423","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,0632212","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,0677738","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:52,0859990","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,0864720","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,0867972","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,0872016","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,0875179","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,0878431","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,1093571","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,1097168","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,1099603","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,1103242","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,1105621","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,1108009","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,1139671","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,1143669","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,1146099","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:52,1148161","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:52,1150120","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:52,1151763","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:52,1153778","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:52,1187412","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\fltlib.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:52,1192222","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\fltlib.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:52,1228413","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\fltlib.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:26:52,1250800","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\fltlib.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:52,1257649","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.374.144, Length: 16.200"
"12:26:52,1281781","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,1286992","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\FLTLIB.DLL.mui","SUCCESS","Filter: FLTLIB.DLL.mui, 1: fltlib.dll.mui"
"12:26:52,1292160","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:26:52,1310596","SavService.exe","1536","CreateFile","C:\Windows\System32\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,1315807","SavService.exe","1536","QueryDirectory","C:\Windows\System32\de-DE\FLTLIB.DLL.mui","SUCCESS","Filter: FLTLIB.DLL.mui, 1: fltlib.dll.mui"
"12:26:52,1320649","SavService.exe","1536","CloseFile","C:\Windows\System32\de-DE","SUCCESS",""
"12:26:52,1321904","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,1326285","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,1331901","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,1338316","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,1340714","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,1343139","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,1353533","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,1360363","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:52,1363148","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:52,1371176","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,1375631","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:52,1382806","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:52,1415386","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,1418955","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:52,1420592","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:52,1427753","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,1431779","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:52,1435026","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:52,1448666","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,1452291","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:52,1455501","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:52,1571029","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\fltlib.dll.mui","SUCCESS","Offset: 4.608, Length: 3.072"
"12:26:52,1582655","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\fltlib.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:52,1676127","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\fltlib.dll.mui","SUCCESS","Offset: 4.096, Length: 3.584"
"12:26:52,1693789","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\fltlib.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:52,1703427","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\fltlib.dll.mui","SUCCESS","Offset: 4.096, Length: 3.584"
"12:26:52,1774027","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\fltlib.dll.mui","SUCCESS","Offset: 2.560, Length: 4.096"
"12:26:52,1899595","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\fltlib.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:52,2013099","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,2016751","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,2019480","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,2022326","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,2024351","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,2027098","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,2228986","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,2232564","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,2235017","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976020, endtime: 976020, seqnum: 0, connid: 0"
"12:26:52,2254638","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,2257400","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,2259014","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,2261067","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976020, endtime: 976020, seqnum: 0, connid: 0"
"12:26:52,2360002","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.473.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2363580","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.473.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2365563","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.473.979, Length: 2.920"
"12:26:52,2369635","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.476.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2395876","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.476.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2399123","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.476.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2401530","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.476.899, Length: 4.380"
"12:26:52,2406279","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.481.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2551650","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,2554444","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,2556454","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976020, endtime: 976020, seqnum: 0, connid: 0"
"12:26:52,2573561","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,2576411","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,2578399","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,2580764","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976020, endtime: 976020, seqnum: 0, connid: 0"
"12:26:52,2620920","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.481.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2624158","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.481.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2628977","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.481.279, Length: 2.920"
"12:26:52,2632965","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.484.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2647823","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,2651051","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,2653458","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,2657424","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,2659280","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.484.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2659873","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,2662089","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.484.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2662285","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,2664057","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.484.199, Length: 4.380"
"12:26:52,2666912","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.488.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2874701","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,2877262","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,2877495","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,2879510","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976021, endtime: 976021, seqnum: 0, connid: 0"
"12:26:52,2880831","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,2883238","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,2886055","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,2888066","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,2891257","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,2891975","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,2893603","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,2894779","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,2896038","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976021, endtime: 976021, seqnum: 0, connid: 0"
"12:26:52,2935238","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.488.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2938858","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.488.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2940897","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.488.579, Length: 2.920"
"12:26:52,2944097","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.491.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2974037","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.491.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2976864","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.491.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,2978511","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.491.499, Length: 4.380"
"12:26:52,2981674","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.495.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3117346","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,3120612","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,3123028","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,3126238","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,3129419","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,3132624","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,3194421","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,3196889","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,3198890","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976021, endtime: 976021, seqnum: 0, connid: 0"
"12:26:52,3213333","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,3215292","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,3216151","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,3217732","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976021, endtime: 976021, seqnum: 0, connid: 0"
"12:26:52,3252594","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.495.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3256214","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.495.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3258630","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.495.879, Length: 2.920"
"12:26:52,3262213","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.498.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3348222","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,3352644","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,3356194","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,3360178","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,3362669","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,3365874","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,3381893","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.498.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3385070","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.498.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3386717","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.498.799, Length: 4.380"
"12:26:52,3390720","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.503.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3429915","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,3436455","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,3440029","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:26:52,3443238","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,3446079","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,3449247","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,3451323","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:26:52,3454896","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:26:52,3457695","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,3459304","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,3461278","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:26:52,3463685","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:26:52,3514659","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,3518233","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,3521013","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976021, endtime: 976021, seqnum: 0, connid: 0"
"12:26:52,3538679","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,3541087","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,3542729","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,3545084","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976021, endtime: 976021, seqnum: 0, connid: 0"
"12:26:52,3573928","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.503.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3577870","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.503.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3580291","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.503.179, Length: 2.920"
"12:26:52,3584308","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.506.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3596525","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,3600066","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,3602156","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,3605291","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,3607302","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,3609364","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,3618983","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.506.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3622197","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.506.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3624595","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.506.099, Length: 2.920"
"12:26:52,3630603","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.509.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3653042","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.509.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3655841","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.509.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3657893","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.509.019, Length: 1.460"
"12:26:52,3661056","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.510.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3833610","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,3836339","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,3838392","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976022, endtime: 976022, seqnum: 0, connid: 0"
"12:26:52,3846014","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,3850026","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,3853189","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,3853273","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,3854850","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,3856025","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,3857285","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976022, endtime: 976022, seqnum: 0, connid: 0"
"12:26:52,3860098","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,3863270","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,3866466","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,3938759","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.510.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3944026","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.510.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3946797","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.510.479, Length: 2.920"
"12:26:52,3950813","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.513.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3985722","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.513.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3990107","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.513.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,3995835","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.513.399, Length: 2.920"
"12:26:52,4000678","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.516.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4019771","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.516.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4022972","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.516.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4025365","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.516.319, Length: 1.460"
"12:26:52,4032740","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.517.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4081289","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,4084923","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,4087344","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,4090176","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,4092587","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,4096147","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,4131969","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,4135967","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,4138738","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:52,4141145","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:52,4142806","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:52,4144784","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:52,4146813","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:52,4168380","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,4171211","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,4173632","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976022, endtime: 976022, seqnum: 0, connid: 0"
"12:26:52,4181316","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\comdlg32.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:52,4186097","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\comdlg32.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:52,4191653","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,4193314","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,4194886","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,4196477","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,4198520","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976022, endtime: 976022, seqnum: 0, connid: 0"
"12:26:52,4216779","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\comdlg32.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:26:52,4241196","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\comdlg32.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:52,4247102","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.517.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4248403","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.553.964, Length: 16.200"
"12:26:52,4250675","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.519.808, EndOfFile: 406.517.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4255867","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.517.779, Length: 2.920, Priority: Normal"
"12:26:52,4272111","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,4277144","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.520.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4278539","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\COMDLG32.dll.mui","SUCCESS","Filter: COMDLG32.dll.mui, 1: comdlg32.dll.mui"
"12:26:52,4284590","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:26:52,4306599","SavService.exe","1536","CreateFile","C:\Windows\System32\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,4312183","SavService.exe","1536","QueryDirectory","C:\Windows\System32\de-DE\COMDLG32.dll.mui","SUCCESS","Filter: COMDLG32.dll.mui, 1: comdlg32.dll.mui"
"12:26:52,4314851","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,4317086","SavService.exe","1536","CloseFile","C:\Windows\System32\de-DE","SUCCESS",""
"12:26:52,4320351","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,4322824","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:26:52,4328795","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,4342174","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,4346933","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,4350147","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:26:52,4353506","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,4353795","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:26:52,4358590","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,4358786","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,4361576","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:52,4363190","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,4364767","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:52,4365793","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,4366754","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,4368611","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:26:52,4370416","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,4371032","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:26:52,4374013","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,4374797","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,4377255","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,4380021","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:52,4384817","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:52,4410810","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.520.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4414482","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.520.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4417211","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.520.699, Length: 5.840"
"12:26:52,4420509","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,4421223","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.526.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4424959","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:52,4428995","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:52,4441982","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,4447197","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:52,4451624","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:52,4468073","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,4472416","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:52,4475682","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:52,4495919","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,4499086","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,4501876","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976022, endtime: 976022, seqnum: 0, connid: 0"
"12:26:52,4520764","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,4523181","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,4524781","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,4526381","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,4528784","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976022, endtime: 976022, seqnum: 0, connid: 0"
"12:26:52,4573973","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.526.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4581549","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.526.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4584022","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.526.539, Length: 2.920"
"12:26:52,4588020","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.529.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4591024","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\comdlg32.dll.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:52,4605448","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\comdlg32.dll.mui","SUCCESS","Offset: 53.760, Length: 1.536"
"12:26:52,4616756","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.529.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4619443","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\comdlg32.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:52,4619564","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.529.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4621575","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.529.459, Length: 5.840"
"12:26:52,4623129","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,4625186","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.535.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4629958","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,4633550","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,4633629","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:52,4636820","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:52,4637581","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,4639624","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:52,4640744","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,4643207","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:52,4644368","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,4647293","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:52,4813796","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,4816647","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,4818979","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976023, endtime: 976023, seqnum: 0, connid: 0"
"12:26:52,4860899","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,4865270","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,4867710","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,4871334","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,4874488","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,4874917","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.535.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4877726","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,4878537","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.535.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,4881294","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.535.299, Length: 2.920"
"12:26:52,4885367","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.538.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,5100922","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,5104519","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,5106973","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,5110145","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,5112188","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,5114596","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,5152709","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,5155550","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,5157103","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,5157971","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,5159142","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:52,5160779","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976023, endtime: 976023, seqnum: 0, connid: 0"
"12:26:52,5177774","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,5182187","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,5184958","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:52,5187715","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:52,5190131","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:52,5192552","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:52,5195365","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:52,5221298","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.538.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,5224130","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.538.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,5226495","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.538.219, Length: 4.380"
"12:26:52,5232947","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.542.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,5233917","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:52,5245094","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 232, Length: 4.096"
"12:26:52,5248710","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 4.096, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:52,5264174","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.542.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,5270183","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.542.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,5273770","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.542.599, Length: 2.920"
"12:26:52,5277437","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.545.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,5292285","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:52,5298345","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.200.318, Length: 16.200"
"12:26:52,5308328","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:52,5313590","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:52,5317159","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 8.192, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:52,5323835","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,5328626","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,5331089","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,5331840","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:52,5334280","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,5336300","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,5338721","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,5339085","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:52,5346283","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:52,5351871","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:52,5357092","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:52,5363142","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:52,5368376","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:52,5373979","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:52,5379180","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:52,5384391","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:52,5389597","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:52,5395181","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:52,5400392","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:52,5405276","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:52,5410478","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:52,5415684","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:52,5420890","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:52,5426922","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:52,5432902","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:52,5438118","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:52,5443319","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:52,5448208","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:52,5453405","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:52,5458607","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:52,5463799","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:52,5468996","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:52,5473884","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:52,5479081","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:52,5484320","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:52,5489857","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:52,5494737","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:52,5500746","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:52,5505961","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:52,5511167","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:52,5516373","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:52,5521570","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:52,5526832","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:52,5534389","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:52,5541210","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:52,5549649","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:52,5551496","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 16.982.016, Length: 8.192"
"12:26:52,5556492","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:52,5562519","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:52,5567749","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 184.320, Length: 4.096"
"12:26:52,5572955","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 188.416, Length: 4.096"
"12:26:52,5578161","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 192.512, Length: 4.096"
"12:26:52,5584604","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 196.608, Length: 4.096"
"12:26:52,5584841","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,5588410","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,5590197","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 200.704, Length: 4.096"
"12:26:52,5590850","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,5594022","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,5595426","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 204.800, Length: 4.096"
"12:26:52,5596061","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,5598459","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,5600642","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 208.896, Length: 4.096"
"12:26:52,5606216","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 212.992, Length: 4.096"
"12:26:52,5613018","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 217.088, Length: 4.096"
"12:26:52,5618285","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 221.184, Length: 4.096"
"12:26:52,5623491","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 225.280, Length: 4.096"
"12:26:52,5630307","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 229.376, Length: 4.096"
"12:26:52,5636357","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 233.472, Length: 4.096"
"12:26:52,5641582","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 237.568, Length: 4.096"
"12:26:52,5647581","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 241.664, Length: 4.096"
"12:26:52,5653939","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 245.760, Length: 4.096"
"12:26:52,5659556","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 249.856, Length: 4.096"
"12:26:52,5665182","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 253.952, Length: 4.096"
"12:26:52,5672012","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 258.048, Length: 4.096"
"12:26:52,5678879","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 262.144, Length: 4.096"
"12:26:52,5688684","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 266.240, Length: 4.096"
"12:26:52,5695934","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 270.336, Length: 4.096"
"12:26:52,5702357","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 274.432, Length: 4.096"
"12:26:52,5708758","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 278.528, Length: 4.096"
"12:26:52,5715961","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:52,5722431","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 286.720, Length: 4.096"
"12:26:52,5729256","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 290.816, Length: 4.096"
"12:26:52,5736407","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 294.912, Length: 4.096"
"12:26:52,5743256","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 299.008, Length: 4.096"
"12:26:52,5747393","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,5750505","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 303.104, Length: 4.096"
"12:26:52,5756243","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:52,5757694","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 307.200, Length: 4.096"
"12:26:52,5760287","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:52,5764901","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 311.296, Length: 4.096"
"12:26:52,5771740","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 315.392, Length: 4.096"
"12:26:52,5779027","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 319.488, Length: 4.096"
"12:26:52,5780342","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:52,5786202","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 323.584, Length: 4.096"
"12:26:52,5793390","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 327.680, Length: 4.096"
"12:26:52,5800248","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 331.776, Length: 4.096"
"12:26:52,5807446","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 335.872, Length: 4.096"
"12:26:52,5814289","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 339.968, Length: 4.096"
"12:26:52,5821147","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 344.064, Length: 4.096"
"12:26:52,5821669","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,5830500","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: ANCI"
"12:26:52,5831909","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 348.160, Length: 4.096"
"12:26:52,5833313","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:52,5839513","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 352.256, Length: 4.096"
"12:26:52,5842527","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,5846753","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 356.352, Length: 4.096"
"12:26:52,5848554","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:52,5853704","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,5854805","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 360.448, Length: 4.096"
"12:26:52,5861163","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 364.544, Length: 4.096"
"12:26:52,5867620","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 368.640, Length: 4.096"
"12:26:52,5871748","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,5874417","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 372.736, Length: 4.096"
"12:26:52,5877454","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:52,5881246","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 376.832, Length: 4.096"
"12:26:52,5882249","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:52,5887656","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 380.928, Length: 4.096"
"12:26:52,5893319","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 385.024, Length: 4.096"
"12:26:52,5898311","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,5900065","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 389.120, Length: 4.096"
"12:26:52,5900298","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,5903060","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,5905705","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 393.216, Length: 4.096"
"12:26:52,5906283","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:52,5906689","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,5910701","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:52,5911298","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 397.312, Length: 4.096"
"12:26:52,5911527","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,5914727","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,5918142","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 401.408, Length: 4.096"
"12:26:52,5919952","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,5929417","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 405.504, Length: 4.096"
"12:26:52,5934348","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,5936979","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 409.600, Length: 4.096"
"12:26:52,5940426","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:52,5943846","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 413.696, Length: 4.096"
"12:26:52,5945185","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:52,5951021","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 417.792, Length: 4.096"
"12:26:52,5957897","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 421.888, Length: 4.096"
"12:26:52,5965118","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 425.984, Length: 4.096"
"12:26:52,5972330","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 430.080, Length: 4.096"
"12:26:52,5977317","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,5979500","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 434.176, Length: 4.096"
"12:26:52,5983713","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: ANCI"
"12:26:52,5986139","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:52,5986358","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 438.272, Length: 4.096"
"12:26:52,5993216","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 442.368, Length: 4.096"
"12:26:52,6000390","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 446.464, Length: 4.096"
"12:26:52,6007257","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 450.560, Length: 4.096"
"12:26:52,6012617","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6014423","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 454.656, Length: 4.096"
"12:26:52,6018257","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: DNCI"
"12:26:52,6021019","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:52,6021261","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 458.752, Length: 4.096"
"12:26:52,6028912","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 462.848, Length: 4.096"
"12:26:52,6036073","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 466.944, Length: 4.096"
"12:26:52,6042921","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 471.040, Length: 4.096"
"12:26:52,6047908","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6049732","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 475.136, Length: 4.096"
"12:26:52,6053912","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:52,6056328","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:52,6056585","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 479.232, Length: 4.096"
"12:26:52,6063755","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 483.328, Length: 4.096"
"12:26:52,6070599","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 487.424, Length: 4.096"
"12:26:52,6077465","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 491.520, Length: 4.096"
"12:26:52,6083236","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6084626","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 495.616, Length: 4.096"
"12:26:52,6088857","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:52,6091255","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:52,6091470","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 499.712, Length: 4.096"
"12:26:52,6098705","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 503.808, Length: 4.096"
"12:26:52,6105885","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 507.904, Length: 4.096"
"12:26:52,6113139","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 512.000, Length: 4.096"
"12:26:52,6115765","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6120355","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 516.096, Length: 4.096"
"12:26:52,6120934","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:52,6122585","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:52,6127973","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 520.192, Length: 4.096"
"12:26:52,6134845","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 524.288, Length: 4.096"
"12:26:52,6141646","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 528.384, Length: 4.096"
"12:26:52,6148439","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 532.480, Length: 4.096"
"12:26:52,6149040","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6153402","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:52,6155287","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 536.576, Length: 4.096"
"12:26:52,6155460","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:52,6162079","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 540.672, Length: 4.096"
"12:26:52,6169329","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 544.768, Length: 4.096"
"12:26:52,6174138","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,6176545","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 548.864, Length: 4.096"
"12:26:52,6178183","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,6178696","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6181402","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,6182540","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 552.960, Length: 4.096"
"12:26:52,6183519","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:52,6185441","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,6186300","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:52,6188171","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 557.056, Length: 4.096"
"12:26:52,6189967","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,6193405","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 561.152, Length: 4.096"
"12:26:52,6193918","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,6198615","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 565.248, Length: 4.096"
"12:26:52,6204983","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 569.344, Length: 4.096"
"12:26:52,6211421","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 573.440, Length: 4.096"
"12:26:52,6214425","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6216664","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 577.536, Length: 4.096"
"12:26:52,6219221","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:52,6221231","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:52,6222286","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 581.632, Length: 4.096"
"12:26:52,6230263","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 585.728, Length: 4.096"
"12:26:52,6236682","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 589.824, Length: 4.096"
"12:26:52,6242359","SavService.exe","1536","ReadFile","C:\Windows\System32\comdlg32.dll","SUCCESS","Offset: 593.920, Length: 512"
"12:26:52,6248125","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6248704","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.550.912, Length: 16.200"
"12:26:52,6252557","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:52,6252785","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.547.712, Length: 20.480, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:52,6254516","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:52,6277043","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6281433","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:52,6283061","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:52,6290619","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6295461","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,6304730","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6311103","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:52,6313491","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,6333551","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6341206","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:52,6344821","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:52,6354692","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:26:52,6357879","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7200000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:26:52,6360696","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:52,6372690","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6378745","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:52,6381493","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:52,6390562","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,6393757","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,6396150","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,6398002","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:52,6398963","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,6400964","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,6403344","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,6434744","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,6438793","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:52,6443220","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:52,6447978","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:26:52,6448366","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6451197","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:52,6454775","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,6454831","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: ANCI"
"12:26:52,6457635","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:52,6458013","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:52,6461642","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:52,6465253","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:26:52,6466456","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6468420","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:52,6471243","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,6472451","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:52,6474084","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:52,6477326","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,6477699","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:52,6481272","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:26:52,6484095","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:52,6486922","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,6490089","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:52,6493373","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:52,6495753","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6496942","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:26:52,6499774","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:52,6501383","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:52,6506137","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:52,6523402","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6528268","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:52,6531482","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:52,6545855","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6550296","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:52,6553543","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:52,6578001","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6582764","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: ANCI"
"12:26:52,6583478","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,6584411","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:52,6587914","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,6591119","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,6595094","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,6597907","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,6601112","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,6608062","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6612116","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: DNCI"
"12:26:52,6614062","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:52,6640573","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6645793","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:52,6647766","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:52,6673456","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6678252","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:52,6680258","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:52,6705953","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6710772","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:52,6712409","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:52,6738855","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6742904","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:52,6744850","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:52,6765725","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6769737","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:52,6771365","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:52,6792269","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6796263","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:52,6797881","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:52,6798329","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,6801926","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,6804361","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,6807183","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,6809525","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,6811596","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,6819074","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6822746","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:52,6824360","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:52,6849569","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6853600","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:52,6855219","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:52,6860863","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6865263","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,6872036","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6877289","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:52,6879285","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,6892889","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6898538","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:52,6900959","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:52,6908918","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:26:52,6912887","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7200000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:26:52,6916153","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:52,6938209","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:26:52,6981300","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,6988073","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: ANCI"
"12:26:52,6990896","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:52,6998756","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,6999689","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7002036","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,7004797","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,7007419","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:52,7007643","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,7009658","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,7012042","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,7013493","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,7036477","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7042910","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:52,7047272","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:52,7063357","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7068143","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:52,7071353","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:52,7085021","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7089430","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:52,7092658","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:52,7118287","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7123466","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: ANCI"
"12:26:52,7125117","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:52,7151176","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7156797","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: DNCI"
"12:26:52,7159232","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:52,7188113","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7193725","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:52,7196510","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:52,7219756","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,7223842","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,7225419","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7227826","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,7231880","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,7232655","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:52,7235024","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,7235435","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:52,7238253","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,7262361","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7266765","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:52,7268701","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:52,7290384","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7294410","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:52,7296434","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:52,7321290","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7325339","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:52,7331660","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:52,7363755","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7369712","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:52,7372161","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:52,7399013","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7404233","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:52,7406668","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:52,7429065","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,7432657","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,7433534","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7435083","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,7438218","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,7438722","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:52,7440247","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,7441152","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:52,7442640","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,7448770","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7454032","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,7463194","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7470089","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:52,7472879","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,7489738","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7496493","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:52,7500920","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:52,7504148","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:52,7512774","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,7515615","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:26:52,7520410","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:52,7634190","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,7638575","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,7641369","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,7644229","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,7646244","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,7648628","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,7763961","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:52,7804290","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7809118","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: DNCI"
"12:26:52,7811119","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:52,7817165","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7821961","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:52,7826775","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,7849652","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7854881","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:52,7858856","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:52,7873271","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,7873667","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7876882","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,7879340","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,7881966","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:52,7882176","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,7884514","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,7886832","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:52,7887331","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,7904848","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7909705","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:52,7912891","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:52,7941730","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7946208","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: DNCI"
"12:26:52,7948984","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:52,7971488","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,7975892","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: DNCI"
"12:26:52,7977524","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:52,7998773","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8003121","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:52,8004754","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:52,8026796","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8031676","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:52,8034050","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:52,8056885","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8060935","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:52,8062544","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:52,8084581","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8088603","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:52,8090221","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:52,8110673","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8114689","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:52,8116303","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:52,8139190","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8143211","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:52,8145152","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:52,8166014","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8169680","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:52,8171294","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:52,8192497","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8196173","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:52,8198104","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:52,8203404","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8207793","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,8214226","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8219824","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:52,8221844","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,8237104","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8242683","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:26:52,8245109","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:26:52,8252302","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:26:52,8257149","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:26:52,8261133","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:26:52,8263535","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:52,8270748","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8275613","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:52,8278403","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:52,8292398","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:52,8304891","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:52,8347300","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8352133","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:52,8352721","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,8354130","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:52,8356336","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,8358781","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,8360530","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8361990","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,8364337","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,8365321","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:52,8366431","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,8368983","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,8382614","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8387037","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:52,8390596","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:52,8403448","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8407852","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:52,8410707","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:52,8423899","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8429115","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:52,8432721","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:52,8455197","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8459218","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:52,8460846","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:52,8481657","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8485739","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:52,8487740","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:52,8511373","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8515399","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:52,8517022","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:52,8541429","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8545479","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:52,8547853","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:52,8570763","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8574775","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:52,8576403","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:52,8599252","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8603623","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:52,8605251","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:52,8630974","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8636521","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:52,8638154","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:52,8662649","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8667398","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:52,8669810","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:52,8694698","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8700324","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:52,8702787","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:52,8709981","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8715177","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,8722035","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8728869","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:52,8731220","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,8745318","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8751317","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:26:52,8754471","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:26:52,8763469","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:26:52,8769081","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:52,8788199","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,8790335","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:26:52,8791847","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,8794258","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,8797426","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,8799455","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,8801862","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,8891370","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:52,8915772","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8920218","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: DNCI"
"12:26:52,8922989","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:52,8931475","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8936704","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:52,8941052","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,8955094","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8959549","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:52,8963136","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:52,8976357","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,8980788","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:52,8983975","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:52,8996887","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9001296","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:52,9004841","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:52,9012529","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,9016116","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,9018533","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,9021365","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,9023385","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,9026212","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,9028539","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:52,9051039","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9055391","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: DNCI"
"12:26:52,9057019","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:52,9077853","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9081543","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:52,9083484","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:52,9104388","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9108390","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:52,9110018","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:52,9132835","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9137290","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:52,9139226","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:52,9160923","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9164939","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:52,9166558","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:52,9190210","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9195439","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:52,9197860","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:52,9225482","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9230739","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:52,9232372","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:52,9254801","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9257917","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,9258841","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:52,9260478","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:52,9261514","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,9263926","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,9266739","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,9268740","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,9271096","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,9281723","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9285725","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:52,9287349","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:52,9293292","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9297374","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,9304180","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9309783","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:52,9311789","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,9327015","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:26:52,9424374","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:26:52,9430779","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:26:52,9441480","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,9443897","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:52,9446281","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:26:52,9455933","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:52,9456749","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,9458330","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:52, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:52,9460770","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:26:52,9461115","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,9463555","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:52,9465939","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:52,9467595","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:52,9469559","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:52,9471593","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:52,9472489","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,9476099","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,9478521","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,9481352","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,9483680","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,9484837","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:52,9485756","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,9507257","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\sechost.dll.mui","SUCCESS","Offset: 0, Length: 2.048, I/O Flags: Synchronous"
"12:26:52,9511661","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\sechost.dll.mui","SUCCESS","Offset: 0, Length: 2.048, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:52,9525320","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9530265","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\sechost.dll.mui","SUCCESS","Offset: 184, Length: 1.864"
"12:26:52,9531361","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: ANCI"
"12:26:52,9533749","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:52,9540248","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9545389","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:52,9549093","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\sechost.dll.mui","SUCCESS","Offset: 0, Length: 2.048"
"12:26:52,9549415","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,9554700","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.577.156, Length: 16.200"
"12:26:52,9557905","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.576.384, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:52,9563116","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9567855","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:52,9571093","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:52,9585578","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9588311","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,9590779","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:52,9594348","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:52,9594707","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\sechost.dll.mui","SUCCESS","Filter: sechost.dll.mui, 1: sechost.dll.mui"
"12:26:52,9600366","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:26:52,9607979","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9612383","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:52,9615238","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:52,9621200","SavService.exe","1536","CreateFile","C:\Windows\System32\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,9627642","SavService.exe","1536","QueryDirectory","C:\Windows\System32\de-DE\sechost.dll.mui","SUCCESS","Filter: sechost.dll.mui, 1: sechost.dll.mui"
"12:26:52,9632428","SavService.exe","1536","CloseFile","C:\Windows\System32\de-DE","SUCCESS",""
"12:26:52,9640111","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9644893","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, FileAttributes: ANCI"
"12:26:52,9646530","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:52,9659746","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,9665349","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:52,9667360","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:52,9669426","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9673802","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:52, FileAttributes: DNCI"
"12:26:52,9675370","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,9675444","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:52,9680576","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:52,9684186","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:52,9697043","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9697356","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,9701288","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,9702030","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:52,9703770","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,9706401","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:52,9706947","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,9708967","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,9711374","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,9711850","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,9715092","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:52,9716725","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:52,9723106","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,9727893","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:52,9731536","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:52,9743357","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9745582","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:52,9748946","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:52,9749576","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:52,9751358","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:52,9753219","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:52,9777029","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9781456","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:52,9783402","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:52,9805108","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9809157","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:52,9811121","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:52,9815166","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,9819513","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,9822392","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:26:52,9826385","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,9829548","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,9832375","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,9834759","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:26:52,9837618","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:26:52,9840385","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,9841989","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,9843617","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:26:52,9845264","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:26:52,9845754","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9850988","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:52,9852985","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:52,9876268","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9880629","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:52,9882262","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:52,9903577","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9907589","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:52,9909534","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:52,9917665","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:52,9921248","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:52,9923678","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:52,9927657","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:52,9930452","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:52,9932392","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9933293","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:52,9936819","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:52,9938443","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:52,9944437","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9948864","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,9955335","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9960905","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:52,9962906","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:52,9977372","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:52,9984594","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:52,9988582","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:52,9991036","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:52,9999806","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:26:53,0003897","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:26:53,0008707","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:53,0012280","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:50, LastWriteTime: 06.10.2013 12:26:50, ChangeTime: 06.10.2013 12:26:50, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:53,0050384","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:53,0088768","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0094016","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:52, FileAttributes: ANCI"
"12:26:53,0096013","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:53,0102455","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0107236","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:53,0111225","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:53,0124534","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0129736","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:53,0133738","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:53,0143913","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,0147365","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0147533","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,0149954","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,0151778","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:53,0153103","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,0154978","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:53,0155132","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,0157535","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,0168250","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0172640","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:53,0175817","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:53,0198339","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0203098","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:52, FileAttributes: ANCI"
"12:26:53,0204735","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:53,0229147","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0238407","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:53, LastWriteTime: 06.10.2013 12:26:53, ChangeTime: 06.10.2013 12:26:53, FileAttributes: DNCI"
"12:26:53,0241560","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:53,0273259","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0277705","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:53,0279669","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:53,0303796","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0308191","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:53,0309823","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:53,0334697","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0340272","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:53,0342670","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:53,0366461","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,0366746","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0369736","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,0371859","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:53,0372479","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,0375334","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,0375880","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:53,0377359","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,0379756","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,0405577","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0410405","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:53,0412043","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:53,0443018","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0448598","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:53,0450608","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:53,0475076","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0479140","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:53,0481080","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:53,0502814","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0507218","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:53,0508851","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:53,0514831","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0519273","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:53,0523686","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,0526107","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0528901","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,0532115","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:53,0532493","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:53,0534443","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:53,0535679","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:53,0538077","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:53,0540452","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:53,0542938","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:53,0549297","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0556569","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:52, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:53,0560530","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:26:53,0562974","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:26:53,0571133","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:26:53,0581322","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:52, FileAttributes: ANCI"
"12:26:53,0581858","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\ole32.dll.mui","SUCCESS","Offset: 0, Length: 3.072, I/O Flags: Synchronous"
"12:26:53,0587433","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\ole32.dll.mui","SUCCESS","Offset: 0, Length: 3.072, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:53,0599025","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:26:53,0602715","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\ole32.dll.mui","SUCCESS","Offset: 184, Length: 2.888"
"12:26:53,0603597","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,0607184","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,0609615","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,0612768","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,0614793","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,0617182","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,0621170","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\ole32.dll.mui","SUCCESS","Offset: 0, Length: 3.072"
"12:26:53,0627916","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.381.920, Length: 16.200"
"12:26:53,0648027","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,0652827","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\ole32.dll.mui","SUCCESS","Filter: ole32.dll.mui, 1: ole32.dll.mui"
"12:26:53,0656881","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:26:53,0673707","SavService.exe","1536","CreateFile","C:\Windows\System32\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,0677701","SavService.exe","1536","QueryDirectory","C:\Windows\System32\de-DE\ole32.dll.mui","SUCCESS","Filter: ole32.dll.mui, 1: ole32.dll.mui"
"12:26:53,0681311","SavService.exe","1536","CloseFile","C:\Windows\System32\de-DE","SUCCESS",""
"12:26:53,0681573","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:53,0706862","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0711373","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,0711629","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:53, LastWriteTime: 06.10.2013 12:26:53, ChangeTime: 06.10.2013 12:26:53, FileAttributes: DNCI"
"12:26:53,0713626","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:53,0717810","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:53,0719681","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0720633","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:53,0724481","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:53,0728297","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,0728904","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:53,0737567","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:53,0743211","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:53,0750045","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0756464","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:53,0761265","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:53,0778059","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0780349","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,0782892","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:53,0786003","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:53,0786129","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:53,0788812","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:53,0797246","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,0800194","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0801631","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:53,0804948","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:53,0806049","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:53,0807821","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:53,0817996","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.133.504, Length: 8.192"
"12:26:53,0822096","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,0826127","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:53,0829752","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:53,0837085","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:53,0847329","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,0850907","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,0853333","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,0856496","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,0858516","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,0860340","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0860923","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,0864725","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:53, LastWriteTime: 06.10.2013 12:26:53, ChangeTime: 06.10.2013 12:26:53, FileAttributes: DNCI"
"12:26:53,0866367","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:53,0887224","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0891246","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:53,0892869","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:53,0914477","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0919357","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:53,0922086","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:53,0953062","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0958618","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:53,0960250","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:53,0984728","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,0989094","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:53,0990717","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:53,1011547","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,1015251","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:53,1017196","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:53,1040073","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,1044085","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:53,1045699","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:53,1068189","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,1073344","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:53,1075368","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:53,1099384","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,1101497","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,1103009","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,1105439","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,1105868","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:53,1107496","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:53,1108607","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,1110645","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,1113029","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,1113482","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,1117867","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:53,1124328","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,1131167","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:53,1133933","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:53,1143216","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:52, FileAttributes: ANCI"
"12:26:53,1155620","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:53,1204757","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:53,1259902","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:53,1264795","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:53, LastWriteTime: 06.10.2013 12:26:53, ChangeTime: 06.10.2013 12:26:53, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:26:53,1284211","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:53,1288153","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:52, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:53,1295393","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:26:53,1351947","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,1357004","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,1362187","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,1367029","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,1369842","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,1373028","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,1539713","FlashPlayerPlugin_11_8_800_168.exe","8216","Thread Exit","","SUCCESS","Thread ID: 8324, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:26:53,1576651","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,1580266","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,1583009","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,1588075","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,1591695","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,1594527","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,1818461","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,1822827","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,1826060","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,1830902","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,1833645","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,1836104","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,2047466","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,2050736","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2053470","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,2056297","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,2058331","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,2060747","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,2274320","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,2277189","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,2278705","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2282017","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2283795","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,2284807","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:53,2287611","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:53,2287806","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,2289598","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:53,2289878","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,2292033","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:53,2292630","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,2294389","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:53,2332129","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\msctf.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:53,2337755","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\msctf.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:53,2369827","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\msctf.dll.mui","SUCCESS","Offset: 184, Length: 3.912"
"12:26:53,2388305","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\msctf.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:53,2393879","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.295.464, Length: 16.200"
"12:26:53,2417176","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,2421645","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\MSCTF.dll.mui","SUCCESS","Filter: MSCTF.dll.mui, 1: msctf.dll.mui"
"12:26:53,2426828","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:26:53,2428349","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,2431950","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,2434726","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976030, endtime: 976030, seqnum: 0, connid: 0"
"12:26:53,2444075","SavService.exe","1536","CreateFile","C:\Windows\System32\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,2447993","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,2448096","SavService.exe","1536","QueryDirectory","C:\Windows\System32\de-DE\MSCTF.dll.mui","SUCCESS","Filter: MSCTF.dll.mui, 1: msctf.dll.mui"
"12:26:53,2449990","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,2451996","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976030, endtime: 976030, seqnum: 0, connid: 0"
"12:26:53,2452509","SavService.exe","1536","CloseFile","C:\Windows\System32\de-DE","SUCCESS",""
"12:26:53,2479356","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,2484968","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:53,2486988","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:53,2493402","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,2497022","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:53,2500260","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:53,2503166","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.545.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,2506301","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.545.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,2507920","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.545.519, Length: 2.920"
"12:26:53,2511162","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.548.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,2517380","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.391.616, Length: 8.192"
"12:26:53,2527149","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,2530727","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:53,2532355","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:53,2538704","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,2542329","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:53,2545571","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:53,2546467","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.548.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,2549270","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.548.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,2550273","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.260.544, Length: 8.192"
"12:26:53,2551673","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.548.439, Length: 2.920"
"12:26:53,2554845","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.551.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,2559174","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,2562808","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:53,2566405","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:53,2569941","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.154.048, Length: 8.192"
"12:26:53,2590033","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.227.200, Length: 8.192"
"12:26:53,2608912","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 1.826.816, Length: 8.192"
"12:26:53,2639771","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.309.696, Length: 8.192"
"12:26:53,2664678","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.219.008, Length: 8.192"
"12:26:53,2689953","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.367.040, Length: 8.192"
"12:26:53,2705156","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.301.504, Length: 8.192"
"12:26:53,2732073","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.129.472, Length: 8.192"
"12:26:53,2745704","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:26:53,2749819","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,2750882","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:26:53,2752683","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976030, endtime: 976030, seqnum: 0, connid: 0"
"12:26:53,2755673","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:26:53,2760114","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:26:53,2763692","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:26:53,2766930","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:53,2770601","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:26:53,2770797","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,2773181","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,2773736","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:26:53,2774823","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,2776400","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,2776558","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:26:53,2778392","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976030, endtime: 976031, seqnum: 0, connid: 0"
"12:26:53,2780165","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:26:53,2783379","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:26:53,2787027","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:26:53,2789849","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:53,2793418","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:53,2795461","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:26:53,2797836","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:53,2800635","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,2802286","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:53,2805090","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:26:53,2808294","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:26:53,2810954","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.551.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,2811467","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.252.352, Length: 8.192"
"12:26:53,2811859","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:26:53,2814578","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.551.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,2815926","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:26:53,2816985","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.551.359, Length: 1.460"
"12:26:53,2819929","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:26:53,2821016","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.552.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,2823540","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:26:53,2828312","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:53,2831946","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:53,2834745","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:26:53,2837945","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:53,2841173","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,2841948","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.764.288, Length: 8.192"
"12:26:53,2843963","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:53,2846827","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,2856045","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2859204","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.552.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,2860403","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:53,2862422","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.552.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,2864041","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2864825","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.552.819, Length: 2.920"
"12:26:53,2866486","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:53,2868044","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.555.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,2869658","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,2872079","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2874435","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:53,2876492","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2879300","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:53,2880037","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.285.120, Length: 8.192"
"12:26:53,2882085","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,2884077","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:26:53,2886886","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,2888556","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:53,2890566","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.555.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,2892125","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2894177","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.555.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,2894527","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:53,2897289","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2897718","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.244.160, Length: 8.192"
"12:26:53,2898338","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.555.739, Length: 2.920"
"12:26:53,2899365","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:53,2901753","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,2903577","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.558.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,2903773","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2905788","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:53,2907813","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2909810","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:53,2912170","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,2913831","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:26:53,2916159","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,2917801","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:53,2931049","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2933937","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:53,2937478","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2939526","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:53,2942688","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,2945110","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2947125","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:53,2949163","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2951160","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:53,2953539","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,2955209","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:26:53,2957570","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,2959207","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:53,2968351","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.399.808, Length: 8.192"
"12:26:53,2970137","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2973333","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:53,2976561","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,2978604","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:26:53,2981016","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,3002480","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,3005685","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:53,3008908","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,3011278","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:53,3014077","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,3016116","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,3018117","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:53,3020151","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,3022138","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:53,3024517","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,3028095","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:26:53,3030941","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:53,3033334","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:53,3083254","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3086426","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3088862","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976031, endtime: 976031, seqnum: 0, connid: 0"
"12:26:53,3104932","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3107279","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3108534","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3110125","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3112154","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976031, endtime: 976031, seqnum: 0, connid: 0"
"12:26:53,3142462","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,3146465","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,3149287","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,3150607","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.558.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3152487","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,3153444","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.558.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3154512","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,3155408","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.558.659, Length: 2.920"
"12:26:53,3157311","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,3159779","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.561.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3188081","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.561.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3191282","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.561.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3194146","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.561.579, Length: 2.920"
"12:26:53,3197775","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.564.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3234293","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.564.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3241356","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.564.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3244537","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.564.499, Length: 2.920"
"12:26:53,3248162","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.567.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3391965","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 8.192, Length: 8.192"
"12:26:53,3399966","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 303.104, Length: 8.192"
"12:26:53,3408731","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.900.544, Length: 8.192"
"12:26:53,3414768","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.313.728, Length: 8.192"
"12:26:53,3415897","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3419027","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3421434","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976031, endtime: 976031, seqnum: 0, connid: 0"
"12:26:53,3429262","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.276.928, Length: 8.192"
"12:26:53,3434473","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 17.276.928, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:53,3442361","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3444782","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3446704","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3448328","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3450390","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976031, endtime: 976031, seqnum: 0, connid: 0"
"12:26:53,3503253","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.567.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3506859","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.567.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3509229","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.567.419, Length: 2.920"
"12:26:53,3513241","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.570.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3524078","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.761.280, Length: 8.192"
"12:26:53,3541185","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.570.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3543536","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.570.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3545126","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.570.339, Length: 5.840"
"12:26:53,3548397","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.576.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3563441","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,3567057","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,3569814","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,3572687","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,3575043","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,3577464","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,3731964","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3734740","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3736751","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976031, endtime: 976031, seqnum: 0, connid: 0"
"12:26:53,3749164","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3750802","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3751973","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,3753227","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976031, endtime: 976031, seqnum: 0, connid: 0"
"12:26:53,3795907","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.576.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3796257","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,3798753","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.576.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3800255","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,3801114","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.576.179, Length: 2.920"
"12:26:53,3802704","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:53,3804715","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.579.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3805102","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:53,3806749","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:53,3809091","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:53,3811904","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:53,3845996","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.579.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3848440","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.579.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3852485","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.579.099, Length: 4.380"
"12:26:53,3855218","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:53,3858073","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.583.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,3860093","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:53,3941199","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:26:53,3962471","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:53,3969329","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 813.138, Length: 16.200"
"12:26:53,3974068","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 811.008, Length: 12.288, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:53,4000178","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,4005427","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Filter: uxtheme.dll.mui, 1: uxtheme.dll.mui"
"12:26:53,4010619","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:26:53,4029433","SavService.exe","1536","CreateFile","C:\Windows\System32\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,4034270","SavService.exe","1536","QueryDirectory","C:\Windows\System32\de-DE\uxtheme.dll.mui","SUCCESS","Filter: uxtheme.dll.mui, 1: uxtheme.dll.mui"
"12:26:53,4038683","SavService.exe","1536","CloseFile","C:\Windows\System32\de-DE","SUCCESS",""
"12:26:53,4058776","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4062004","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4064332","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4066776","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976032, endtime: 976032, seqnum: 0, connid: 0"
"12:26:53,4071208","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,4078793","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:53,4081611","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:53,4090428","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,4091463","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4093931","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4095270","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:53,4096324","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976032, endtime: 976032, seqnum: 0, connid: 0"
"12:26:53,4099720","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:53,4134969","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,4139028","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:53,4141421","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:53,4149799","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,4154632","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:53,4159899","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.583.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4160543","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:53,4163901","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.585.344, EndOfFile: 406.583.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4168739","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.583.479, Length: 4.380, Priority: Normal"
"12:26:53,4182179","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,4187380","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:53,4190776","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","END OF FILE","Offset: 406.585.344, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:53,4191845","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:53,4196006","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.587.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4198791","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.587.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4201207","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.587.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4203237","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.587.859, Length: 2.920"
"12:26:53,4206040","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.590.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4315756","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 6.656, Length: 1.024"
"12:26:53,4327046","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:53,4384341","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4387173","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4389207","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976032, endtime: 976032, seqnum: 0, connid: 0"
"12:26:53,4406379","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4408455","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4410022","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4411193","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4412462","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976032, endtime: 976032, seqnum: 0, connid: 0"
"12:26:53,4426112","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 4.096, Length: 3.584"
"12:26:53,4448984","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:53,4460642","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 4.096, Length: 3.584"
"12:26:53,4493460","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.590.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4497416","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.590.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4499870","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.590.779, Length: 2.920"
"12:26:53,4503844","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.593.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4538440","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 2.560, Length: 4.096"
"12:26:53,4543614","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.593.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4546431","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.593.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4548792","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.593.699, Length: 5.840"
"12:26:53,4552025","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.599.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4633009","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:53,4636554","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:53,4639022","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:53,4642241","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:53,4647023","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:53,4651216","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:53,4714866","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4717707","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4720105","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976032, endtime: 976032, seqnum: 0, connid: 0"
"12:26:53,4738900","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4740584","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4742151","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4743719","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,4745790","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976032, endtime: 976032, seqnum: 0, connid: 0"
"12:26:53,4858119","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.599.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4861687","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.599.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4864873","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.599.539, Length: 2.920"
"12:26:53,4868088","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.602.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4909947","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.602.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4913534","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.602.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4915577","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.602.459, Length: 5.840"
"12:26:53,4918736","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.608.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,4954409","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,4958467","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,4960902","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:53,4963286","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:53,4965241","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:53,4966897","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:53,4968926","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:53,5003368","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:53,5008187","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:53,5023791","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:26:53,5038845","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,5042848","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976033, endtime: 976033, seqnum: 0, connid: 0"
"12:26:53,5057104","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:53,5063952","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.026.680, Length: 16.200"
"12:26:53,5067978","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.023.424, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:53,5071524","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,5073982","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,5075200","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,5076385","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:53,5080770","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976033, endtime: 976033, seqnum: 0, connid: 0"
"12:26:53,5095236","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:53,5100876","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:53,5106478","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:53,5112538","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:53,5118178","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:53,5123739","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:53,5130554","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:53,5137356","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:53,5143397","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:53,5148659","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:53,5153875","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:53,5159095","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:53,5164296","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:53,5169521","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:53,5173864","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.608.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,5176313","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:53,5176696","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.608.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,5182723","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.608.299, Length: 1.460"
"12:26:53,5183157","SavService.exe","1536","ReadFile","C:\Windows\System32\NapiNSP.dll","SUCCESS","Offset: 65.536, Length: 2.560"
"12:26:53,5185573","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.609.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,5190803","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.255.560, Length: 16.200"
"12:26:53,5216227","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.609.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,5219036","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.609.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,5220664","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.609.759, Length: 5.840"
"12:26:53,5223920","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.615.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:53,5303029","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:52567 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 45, seqnum: 0, connid: 0"
"12:26:53,5307279","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:51087 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:26:53,5336570","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:52567 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 320, seqnum: 0, connid: 0"
"12:26:53,5339421","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:51087 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 117, seqnum: 0, connid: 0"
"12:26:53,5366492","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Error3725.wohnheim.uni-kl.de:52346","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:26:53,5382931","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:56753 -> 224.0.0.252:llmnr","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:26:53,5435095","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,5439517","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,5442718","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:53,5445512","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:53,5447527","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:53,5449519","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:53,5451973","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:53,5489652","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:53,5494429","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:53,5513103","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 224, Length: 4.096"
"12:26:53,5541616","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:53,5547661","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 237.066, Length: 16.200"
"12:26:53,5558078","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:53,5563672","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:53,5568948","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:53,5574168","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:53,5579365","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:53,5584580","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:53,5589786","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:53,5594997","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:53,5600203","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:53,5605409","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:53,5610606","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:53,5615491","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:53,5620692","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:53,5626267","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:53,5631888","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:53,5637122","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:53,5642324","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:53,5647525","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:53,5652727","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:53,5657615","SavService.exe","1536","ReadFile","C:\Windows\System32\pnrpnsp.dll","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:53,5664016","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.466.970, Length: 16.200"
"12:26:53,5899645","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,5903657","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,5906083","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:53,5908457","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:53,5910426","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:53,5912068","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:53,5914083","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:53,5950144","SavService.exe","1536","ReadFile","C:\Windows\System32\winrnr.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:53,5954594","SavService.exe","1536","ReadFile","C:\Windows\System32\winrnr.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:53,5973133","SavService.exe","1536","ReadFile","C:\Windows\System32\winrnr.dll","SUCCESS","Offset: 224, Length: 4.096"
"12:26:53,5991564","SavService.exe","1536","ReadFile","C:\Windows\System32\winrnr.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:53,5997167","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.260.906, Length: 16.200"
"12:26:53,6006441","SavService.exe","1536","ReadFile","C:\Windows\System32\winrnr.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:53,6012001","SavService.exe","1536","ReadFile","C:\Windows\System32\winrnr.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:53,6017250","SavService.exe","1536","ReadFile","C:\Windows\System32\winrnr.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:53,6022460","SavService.exe","1536","ReadFile","C:\Windows\System32\winrnr.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:53,6029290","SavService.exe","1536","ReadFile","C:\Windows\System32\winrnr.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:53,6034510","SavService.exe","1536","ReadFile","C:\Windows\System32\winrnr.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:53,6040882","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.741.748, Length: 16.200"
"12:26:53,6044101","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.752.512, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:53,6333844","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Error3725.wohnheim.uni-kl.de:52346","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:26:53,6346720","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:56753 -> 224.0.0.252:llmnr","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:26:53,6416951","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,6421756","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,6425754","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:53,6428996","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:53,6431749","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:53,6435705","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:53,6439381","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:53,6479481","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:53,6485476","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:53,6528440","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 0, Length: 4.096"
"12:26:53,6573290","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\etc","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall"
"12:26:53,6588595","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,6592621","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,6595835","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,6599805","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,6602250","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,6603463","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\etc","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:53,6605455","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,6608319","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\etc\services","SUCCESS","Filter: services, 1: services"
"12:26:53,6613091","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\etc","SUCCESS",""
"12:26:53,6631448","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 16.439, Length: 1.024"
"12:26:53,6639229","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 3.906, Length: 4.096"
"12:26:53,6646208","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 17.399, Length: 64"
"12:26:53,6659084","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 0, Length: 4.096"
"12:26:53,6685576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 16.655, Length: 808"
"12:26:53,6693768","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 16.439, Length: 1.024"
"12:26:53,6716267","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 0, Length: 4.096"
"12:26:53,6721856","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 17.207, Length: 256"
"12:26:53,6734685","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 256, Length: 4.096"
"12:26:53,6737927","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 0, Length: 4.096"
"12:26:53,6779986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 7.936, Length: 4.096"
"12:26:53,6787614","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,6791686","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,6795246","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,6798917","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,6801744","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,6804944","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,6812940","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 3.840, Length: 4.096"
"12:26:53,6820115","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 16.128, Length: 1.335"
"12:26:53,6835001","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\etc\services","SUCCESS","Offset: 0, Length: 17.463"
"12:26:53,7013973","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,7017579","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,7019987","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,7022832","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,7024852","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,7028076","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,7236256","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,7240230","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,7242666","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,7245866","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,7248627","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,7251478","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,7483911","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,7487550","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,7490293","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,7493134","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,7495154","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,7497533","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,7700363","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,7703992","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,7706427","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,7709604","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,7711633","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,7714026","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,7957759","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,7961682","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,7964108","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,7966939","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,7968945","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,7971320","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,8209281","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,8213695","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,8217296","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,8221672","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,8224513","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,8228151","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,8480430","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,8484041","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,8486476","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,8489317","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,8491649","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,8493720","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,8744450","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,8748089","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,8750505","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,8753659","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,8755684","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,8758067","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,9126094","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,9130082","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,9132499","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,9135676","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,9137700","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,9140107","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,9524578","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,9530246","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,9533847","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,9538223","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,9541078","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,9544236","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,9752976","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,9757366","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,9760604","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,9764238","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,9766580","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,9768651","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:53,9985340","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:53,9988927","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:53,9991363","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:53,9994185","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:53,9996200","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:53,9998570","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,0205318","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,0208952","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,0211369","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,0214536","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,0216561","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,0218959","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,0430092","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,0434906","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,0437724","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,0440555","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,0442557","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,0444619","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,0577832","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,0584177","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,0587041","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:54,0589457","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:54,0591435","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:54,0593082","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:54,0595093","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:54,0632357","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:54,0637152","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,0654562","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:26:54,0683760","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,0684586","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,0687371","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,0689802","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,0690599","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 370.230, Length: 16.200"
"12:26:54,0692992","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,0694224","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 368.640, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,0695372","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,0697457","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,0722732","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,0727924","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\hal.dll","NO SUCH FILE","Filter: hal.dll"
"12:26:54,0731539","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:54,0746780","SavService.exe","1536","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,0750773","SavService.exe","1536","QueryDirectory","C:\Windows\System32\hal.dll","SUCCESS","Filter: hal.dll, 1: hal.dll"
"12:26:54,0754804","SavService.exe","1536","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:54,0780508","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,0785733","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:54,0787739","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:54,0794111","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,0797712","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:54,0800927","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:54,0827424","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,0830978","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:54,0832616","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:54,0838657","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,0842249","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:54,0845473","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:54,0858679","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,0862295","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:54,0865504","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:54,0954979","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,0958272","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,0961011","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,0963838","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,0965862","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,0968246","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,0970644","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 256.000, Length: 7.040"
"12:26:54,0974273","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 253.952, Length: 9.088, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,0990843","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 221.184, Length: 4.096"
"12:26:54,0994426","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 221.184, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,1026017","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 244.736, Length: 4.096"
"12:26:54,1030029","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 241.664, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,1044458","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 248.832, Length: 4.096"
"12:26:54,1048055","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 249.856, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,1062372","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 120.320, Length: 4.096"
"12:26:54,1079978","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 250.880, Length: 4.096"
"12:26:54,1107338","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 256.000, Length: 4.096"
"12:26:54,1117349","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,1136172","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 256.000, Length: 4.096"
"12:26:54,1157444","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 33.792, Length: 4.096"
"12:26:54,1171108","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 256.000, Length: 4.096"
"12:26:54,1176720","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 260.096, Length: 2.944"
"12:26:54,1180961","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,1181945","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:26:54,1184571","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,1186993","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,1190225","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,1192269","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,1194657","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,1228852","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,1234118","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 4.096, Length: 57.760"
"12:26:54,1237309","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 61.856, Length: 61.440"
"12:26:54,1240537","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 123.296, Length: 61.440"
"12:26:54,1271802","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 184.736, Length: 61.440"
"12:26:54,1275838","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 246.176, Length: 9.824"
"12:26:54,1434270","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,1437914","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,1440657","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,1443493","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,1445518","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,1447897","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,1508691","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 257.387, Length: 4.096"
"12:26:54,1539135","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 1.024, Length: 4.096"
"12:26:54,1556003","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 122.368, Length: 4.096"
"12:26:54,1590072","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,1597746","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:54,1601716","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,1611386","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:54,1616644","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:54,1622172","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:54,1627457","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:54,1633013","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:54,1637907","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:54,1643108","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:54,1648310","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:54,1653521","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:54,1658727","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:54,1663937","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:54,1669139","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:54,1674373","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:54,1676985","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,1679603","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:54,1680587","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,1683003","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,1685583","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:54,1686180","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,1688181","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,1690243","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,1690855","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:54,1696051","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:54,1701262","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:54,1706464","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:54,1711660","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:54,1716540","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:54,1721741","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:54,1727325","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:54,1732588","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:54,1737798","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:54,1742995","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:54,1748201","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:54,1753407","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:54,1758623","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:54,1763834","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:54,1769040","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:54,1774246","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:54,1779448","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:54,1787639","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:54,1794058","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:54,1799638","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:54,1804853","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:54,1809737","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:54,1814934","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:54,1820140","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:54,1825365","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:54,1834355","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:54,1843582","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:54,1850001","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:54,1855608","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 184.320, Length: 4.096"
"12:26:54,1860833","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 188.416, Length: 4.096"
"12:26:54,1866044","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 192.512, Length: 4.096"
"12:26:54,1871245","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 196.608, Length: 4.096"
"12:26:54,1876456","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 200.704, Length: 4.096"
"12:26:54,1881704","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 204.800, Length: 4.096"
"12:26:54,1886920","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 208.896, Length: 4.096"
"12:26:54,1892135","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 212.992, Length: 4.096"
"12:26:54,1897355","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 217.088, Length: 4.096"
"12:26:54,1897743","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,1901391","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,1903802","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,1906387","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 221.184, Length: 4.096"
"12:26:54,1906951","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,1908962","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,1911019","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,1912447","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 225.280, Length: 4.096"
"12:26:54,1918017","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 229.376, Length: 4.096"
"12:26:54,1923237","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 233.472, Length: 4.096"
"12:26:54,1928905","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 237.568, Length: 4.096"
"12:26:54,1934120","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 241.664, Length: 4.096"
"12:26:54,1939331","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 245.760, Length: 4.096"
"12:26:54,1944537","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 249.856, Length: 4.096"
"12:26:54,1948754","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,1949767","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 253.952, Length: 4.096"
"12:26:54,1953144","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,1954987","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 258.048, Length: 4.096"
"12:26:54,1956013","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:26:54,1959586","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,1960198","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 262.144, Length: 896"
"12:26:54,1961980","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,1964028","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,1965973","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:26:54,1968385","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:26:54,1970792","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,1972373","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,1973670","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:26:54,1976054","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:26:54,1976259","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,1985459","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:54,1989900","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:54,1994303","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:54,1998712","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:54,2003116","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:54,2007524","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:54,2011937","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:54,2016346","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:54,2020759","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:54,2025554","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:54,2034581","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:54,2040202","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:54,2044667","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:54,2049089","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:54,2053493","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:54,2057901","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:54,2062314","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:54,2066728","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:54,2071131","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:54,2075544","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:54,2079957","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:54,2084371","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:54,2088779","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:54,2093187","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:54,2097586","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:54,2101990","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:54,2106399","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:54,2110798","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:54,2114894","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:54,2119302","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:54,2123123","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,2123715","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:54,2127517","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,2128539","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:54,2129962","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,2133115","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,2133288","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:54,2135144","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,2137533","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,2137719","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:54,2142123","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:54,2146527","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:54,2150926","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:54,2155330","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:54,2159421","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:54,2163820","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:54,2168229","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:54,2172628","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:54,2177036","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:54,2181435","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:54,2185844","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 184.320, Length: 4.096"
"12:26:54,2190252","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 188.416, Length: 4.096"
"12:26:54,2194656","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 192.512, Length: 4.096"
"12:26:54,2198738","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 196.608, Length: 4.096"
"12:26:54,2203137","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 200.704, Length: 4.096"
"12:26:54,2207545","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 204.800, Length: 4.096"
"12:26:54,2211949","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 208.896, Length: 4.096"
"12:26:54,2216357","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 212.992, Length: 4.096"
"12:26:54,2220761","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 217.088, Length: 4.096"
"12:26:54,2225160","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 221.184, Length: 4.096"
"12:26:54,2230394","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 225.280, Length: 4.096"
"12:26:54,2234812","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 229.376, Length: 4.096"
"12:26:54,2239221","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 233.472, Length: 4.096"
"12:26:54,2248303","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 237.568, Length: 4.096"
"12:26:54,2254764","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 241.664, Length: 4.096"
"12:26:54,2260367","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 245.760, Length: 4.096"
"12:26:54,2265942","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 249.856, Length: 4.096"
"12:26:54,2270378","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 253.952, Length: 4.096"
"12:26:54,2274814","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 258.048, Length: 4.096"
"12:26:54,2279242","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 262.144, Length: 896"
"12:26:54,2314131","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 256.000, Length: 4.096"
"12:26:54,2355804","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,2359461","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,2362209","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,2365050","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,2367079","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,2369467","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,2447732","SavService.exe","1536","ReadFile","C:\Windows\System32\hal.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,2502630","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,2506212","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976040, endtime: 976040, seqnum: 0, connid: 0"
"12:26:54,2522731","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,2524718","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,2525903","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,2527102","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,2527947","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,2529561","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976040, endtime: 976040, seqnum: 0, connid: 0"
"12:26:54,2602615","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,2606221","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,2608651","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,2611492","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,2613507","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,2616250","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,2654713","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.615.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,2657956","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.615.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,2660013","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.615.599, Length: 1.460"
"12:26:54,2663218","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.617.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,2692607","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.617.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,2695775","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.617.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,2697739","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.617.059, Length: 7.300"
"12:26:54,2700971","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.624.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,2828097","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,2830878","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,2832893","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976041, endtime: 976041, seqnum: 0, connid: 0"
"12:26:54,2841243","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,2846468","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,2850023","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,2850107","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,2851749","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,2852929","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,2853778","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,2854039","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,2855341","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976041, endtime: 976041, seqnum: 0, connid: 0"
"12:26:54,2856852","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,2860076","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,2898100","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.624.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,2900899","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.624.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,2902541","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.624.359, Length: 2.920"
"12:26:54,2905718","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.627.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,2944027","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.627.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,2946850","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.627.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,2948403","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,2948860","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.627.279, Length: 5.840"
"12:26:54,2952084","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.633.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,2952802","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,2955652","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:26:54,2958857","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,2962020","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,2963233","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,2964843","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,2966900","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,2967301","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:26:54,2970510","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:26:54,2973254","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,2973911","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:54,2974877","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,2976519","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:26:54,2977172","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:54,2978478","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:26:54,2979519","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:54,2981175","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:54,2983199","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:54,3017244","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:54,3021704","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,3038717","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:26:54,3065882","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,3071694","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,3074661","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 940.308, Length: 16.200"
"12:26:54,3078165","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,3080992","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,3084201","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,3086212","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,3088591","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,3096349","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,3101130","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\kdcom.dll","NO SUCH FILE","Filter: kdcom.dll"
"12:26:54,3104419","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:54,3120397","SavService.exe","1536","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,3124423","SavService.exe","1536","QueryDirectory","C:\Windows\System32\kdcom.dll","SUCCESS","Filter: kdcom.dll, 1: kdcom.dll"
"12:26:54,3129204","SavService.exe","1536","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:54,3151405","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,3154241","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,3155711","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,3156266","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976041, endtime: 976041, seqnum: 0, connid: 0"
"12:26:54,3160973","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:54,3162998","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:54,3169407","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,3171063","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,3172692","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,3173354","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:54,3173867","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,3174721","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,3176288","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976041, endtime: 976041, seqnum: 0, connid: 0"
"12:26:54,3176601","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:54,3203042","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,3206275","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:54,3207894","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:54,3213921","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,3217522","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:54,3220750","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:54,3228228","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.633.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,3232152","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.633.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,3234228","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.633.119, Length: 2.920"
"12:26:54,3235604","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,3238211","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.636.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,3239550","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:54,3243170","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:54,3269929","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.636.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,3272770","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.636.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,3286018","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.636.039, Length: 4.380"
"12:26:54,3291682","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.640.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,3313225","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.640.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,3315268","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.640.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,3316882","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.640.419, Length: 1.460"
"12:26:54,3319630","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.641.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,3346337","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 10.752, Length: 7.040"
"12:26:54,3352285","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,3353344","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 7.680, Length: 4.096"
"12:26:54,3356245","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,3358671","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,3361517","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,3363700","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 6.144, Length: 4.096"
"12:26:54,3363873","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,3366690","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,3370921","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 10.752, Length: 4.096"
"12:26:54,3374957","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 8.704, Length: 4.096"
"12:26:54,3383764","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,3399028","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 10.752, Length: 4.096"
"12:26:54,3419129","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 1.024, Length: 4.096"
"12:26:54,3433936","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 10.752, Length: 4.096"
"12:26:54,3439586","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 14.848, Length: 2.944"
"12:26:54,3444806","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:26:54,3467641","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,3471200","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976041, endtime: 976041, seqnum: 0, connid: 0"
"12:26:54,3482466","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,3484453","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,3485722","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976041, endtime: 976041, seqnum: 0, connid: 0"
"12:26:54,3488521","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,3493737","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 4.096, Length: 6.656"
"12:26:54,3517370","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 12.139, Length: 4.096"
"12:26:54,3545266","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.641.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,3548877","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.641.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,3551354","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.641.879, Length: 1.460"
"12:26:54,3555333","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.643.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,3583207","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,3589575","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,3590834","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.643.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,3592028","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 6.656, Length: 4.096"
"12:26:54,3593213","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,3593694","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.643.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,3595634","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,3595676","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.643.339, Length: 2.920"
"12:26:54,3595970","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,3598471","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.646.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,3598839","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,3600864","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,3603248","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,3640586","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 10.752, Length: 4.096"
"12:26:54,3763742","SavService.exe","1536","ReadFile","C:\Windows\System32\kdcom.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,3822554","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,3826543","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,3829379","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,3832220","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,3836241","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,3839502","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,4068437","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,4072047","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,4074450","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,4077282","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,4079614","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,4081695","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,4112078","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,4114905","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,4116146","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,4117326","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,4118506","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,4120148","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976042, endtime: 976042, seqnum: 0, connid: 0"
"12:26:54,4187679","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.646.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,4190940","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.650.880, EndOfFile: 406.646.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,4196482","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.646.259, Length: 5.840, Priority: Normal"
"12:26:54,4223791","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.652.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,4227434","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.652.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,4229864","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.652.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,4231880","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.652.099, Length: 1.460"
"12:26:54,4235024","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.653.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,4266601","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,4270604","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,4273347","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:54,4275413","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:54,4277377","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:54,4279010","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:54,4281021","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:54,4292151","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,4296159","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,4298571","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,4301398","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,4303399","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,4309375","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,4313928","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:54,4318681","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,4336259","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 232, Length: 4.096"
"12:26:54,4351103","taskhost.exe","2568","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,4354723","taskhost.exe","2568","RegOpenKey","HKCU\AppEvents\Schemes\","SUCCESS","Desired Access: Query Value"
"12:26:54,4359197","taskhost.exe","2568","RegQueryValue","HKCU\AppEvents\Schemes\(Default)","SUCCESS","Type: REG_SZ, Length: 18, Data: .Default"
"12:26:54,4362346","taskhost.exe","2568","RegCloseKey","HKCU\AppEvents\Schemes","SUCCESS",""
"12:26:54,4364277","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,4366740","taskhost.exe","2568","RegOpenKey","HKCU","SUCCESS","Desired Access: Query Value"
"12:26:54,4369600","taskhost.exe","2568","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,4370286","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.861.628, Length: 16.200"
"12:26:54,4371993","taskhost.exe","2568","RegOpenKey","HKCU\AppEvents\Schemes\Apps\.Default\Maximize\.Current","SUCCESS","Desired Access: Query Value"
"12:26:54,4373495","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.875.392, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,4375627","taskhost.exe","2568","RegQueryValue","HKCU\AppEvents\Schemes\Apps\.Default\Maximize\.Current\(Default)","SUCCESS","Type: REG_SZ, Length: 0"
"12:26:54,4378393","taskhost.exe","2568","RegCloseKey","HKCU\AppEvents\Schemes\Apps\.Default\Maximize\.Current","SUCCESS",""
"12:26:54,4380800","taskhost.exe","2568","RegCloseKey","HKCU","SUCCESS",""
"12:26:54,4382797","taskhost.exe","2568","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,4384868","taskhost.exe","2568","RegOpenKey","HKCU\AppEvents\Schemes\Apps\.Default\Maximize\.Current","SUCCESS","Desired Access: Query Value"
"12:26:54,4388008","taskhost.exe","2568","RegQueryValue","HKCU\AppEvents\Schemes\Apps\.Default\Maximize\.Current\Default Flags","NAME NOT FOUND","Length: 144"
"12:26:54,4390826","taskhost.exe","2568","RegCloseKey","HKCU\AppEvents\Schemes\Apps\.Default\Maximize\.Current","SUCCESS",""
"12:26:54,4396685","taskhost.exe","2568","RegOpenKey","HKCU","SUCCESS","Desired Access: Query Value"
"12:26:54,4401103","taskhost.exe","2568","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,4403944","taskhost.exe","2568","RegOpenKey","HKCU\AppEvents\Schemes\Apps\.Default\Maximize\.Current\Active","NAME NOT FOUND","Desired Access: Query Value"
"12:26:54,4403967","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,4408609","taskhost.exe","2568","RegCloseKey","HKCU","SUCCESS",""
"12:26:54,4409593","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\mcupdate_GenuineIntel.dll","NO SUCH FILE","Filter: mcupdate_GenuineIntel.dll"
"12:26:54,4413250","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:54,4430856","SavService.exe","1536","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,4434882","SavService.exe","1536","QueryDirectory","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Filter: mcupdate_GenuineIntel.dll, 1: mcupdate_GenuineIntel.dll"
"12:26:54,4438926","SavService.exe","1536","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:54,4446124","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,4449292","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976042, endtime: 976042, seqnum: 0, connid: 0"
"12:26:54,4472538","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,4478192","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:54,4480533","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:54,4486999","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,4490992","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:54,4494603","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:54,4517853","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.653.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,4520704","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.653.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,4521884","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,4522691","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.653.559, Length: 1.460"
"12:26:54,4525541","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:54,4526320","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.655.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,4527552","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:54,4533952","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,4537577","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:54,4541141","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:54,4554758","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,4558378","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:54,4561588","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:54,4577113","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,4581050","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,4583495","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,4586340","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,4588696","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,4588864","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 288.868, Length: 4.096"
"12:26:54,4591103","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,4592512","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 286.720, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,4609134","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 232, Length: 4.096"
"12:26:54,4631390","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:54,4635430","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:54,4638584","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:54,4642236","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:54,4642437","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,4647410","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:54,4684543","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 292.352, Length: 7.040"
"12:26:54,4687813","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 294.912, Length: 4.480, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,4704458","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 288.768, Length: 4.096"
"12:26:54,4710089","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 2.560, Length: 4.096"
"12:26:54,4718537","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 292.352, Length: 4.096"
"12:26:54,4723365","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 289.792, Length: 4.096"
"12:26:54,4738592","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,4757858","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 292.352, Length: 4.096"
"12:26:54,4769726","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,4773323","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,4775296","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,4776896","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,4778482","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,4780572","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976042, endtime: 976043, seqnum: 0, connid: 0"
"12:26:54,4785233","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 296.448, Length: 2.944"
"12:26:54,4792417","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 232, Length: 4.096"
"12:26:54,4796597","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,4799004","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,4800557","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,4802572","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976043, endtime: 976043, seqnum: 0, connid: 0"
"12:26:54,4840545","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,4841520","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,4845173","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,4846932","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 4.096, Length: 57.752"
"12:26:54,4847921","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,4850169","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 61.848, Length: 61.440"
"12:26:54,4850780","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,4852786","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,4853785","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 123.288, Length: 61.440"
"12:26:54,4855609","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,4884667","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 184.728, Length: 61.440"
"12:26:54,4889061","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 246.168, Length: 46.184"
"12:26:54,5013435","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.655.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5017083","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.655.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5019835","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.655.019, Length: 7.300"
"12:26:54,5034297","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.662.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5054767","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.662.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5057580","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.662.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5059623","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.662.319, Length: 4.380"
"12:26:54,5063192","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.666.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5083270","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,5084082","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,5087315","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976043, endtime: 976043, seqnum: 0, connid: 0"
"12:26:54,5104001","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,5106418","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,5108004","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,5109884","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,5110042","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976043, endtime: 976043, seqnum: 0, connid: 0"
"12:26:54,5114316","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,5119121","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,5120431","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,5121990","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,5122526","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976043, endtime: 976043, seqnum: 0, connid: 0"
"12:26:54,5125605","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,5187374","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 293.739, Length: 4.096"
"12:26:54,5192538","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.666.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5195426","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.666.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5197805","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.666.699, Length: 5.840"
"12:26:54,5201794","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.672.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5219927","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.672.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5222716","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.672.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5224340","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.672.539, Length: 1.460"
"12:26:54,5228767","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.673.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5266367","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 288.868, Length: 4.096"
"12:26:54,5269637","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,5280035","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 288.868, Length: 4.096"
"12:26:54,5316151","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 292.964, Length: 4.096"
"12:26:54,5319342","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 292.352, Length: 4.096"
"12:26:54,5330963","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,5334578","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,5336990","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,5339822","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,5342154","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,5344216","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,5411826","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,5415012","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976043, endtime: 976043, seqnum: 0, connid: 0"
"12:26:54,5433052","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,5435883","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,5437521","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,5439541","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976043, endtime: 976043, seqnum: 0, connid: 0"
"12:26:54,5485458","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.673.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5488621","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.673.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5490254","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.673.999, Length: 1.460"
"12:26:54,5493417","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.675.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5501874","SavService.exe","1536","ReadFile","C:\Windows\System32\mcupdate_GenuineIntel.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,5529580","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.675.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5532379","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.675.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5534007","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.675.459, Length: 4.380"
"12:26:54,5536857","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.679.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5575973","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,5580816","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,5584389","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,5588396","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,5591237","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,5594032","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,5741800","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,5745784","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976043, endtime: 976043, seqnum: 0, connid: 0"
"12:26:54,5767873","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,5770681","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,5772664","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,5774287","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,5775878","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:54,5777907","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976043, endtime: 976044, seqnum: 0, connid: 0"
"12:26:54,5824053","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,5828835","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,5832086","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,5836094","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,5839266","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,5842531","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,5852920","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.679.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5856195","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.679.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5858612","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.679.839, Length: 1.460"
"12:26:54,5862180","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.681.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5889695","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.681.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5892941","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.681.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5895334","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.681.299, Length: 7.300"
"12:26:54,5899332","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.688.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:54,5965673","spoolsv.exe","2056","Thread Exit","","SUCCESS","Thread ID: 8668, User Time: 0.0312002, Kernel Time: 0.0000000"
"12:26:54,6073174","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,6076794","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,6079224","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,6082382","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,6085191","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,6088372","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,6150141","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,6153813","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,6156565","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:54,6159369","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:54,6161445","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:54,6163843","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:54,6166632","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:54,6207227","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:54,6212069","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,6230379","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 224, Length: 4.096"
"12:26:54,6264429","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,6270839","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 181.014, Length: 16.200"
"12:26:54,6293259","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,6300541","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\PSHED.dll","SUCCESS","Filter: PSHED.dll, 1: PSHED.DLL"
"12:26:54,6306120","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:54,6323791","SavService.exe","1536","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,6327691","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,6329805","SavService.exe","1536","QueryDirectory","C:\Windows\System32\PSHED.dll","SUCCESS","Filter: PSHED.dll, 1: PSHED.DLL"
"12:26:54,6331311","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,6334078","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,6335407","SavService.exe","1536","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:54,6336928","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,6339279","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,6341668","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,6364680","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,6371934","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:54,6374756","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:54,6383989","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,6388420","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:54,6392787","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:54,6435290","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,6439357","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:54,6441326","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:54,6447773","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,6451402","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:54,6454980","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:54,6468985","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,6472614","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:54,6475828","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:54,6598630","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 50.176, Length: 7.248"
"12:26:54,6605016","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 25.088, Length: 4.096"
"12:26:54,6614621","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 32.256, Length: 4.096"
"12:26:54,6618638","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 14.848, Length: 4.096"
"12:26:54,6626652","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 33.792, Length: 4.096"
"12:26:54,6636720","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 50.176, Length: 4.096"
"12:26:54,6642318","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 48.128, Length: 4.096"
"12:26:54,6650775","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,6666781","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 50.176, Length: 4.096"
"12:26:54,6687302","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 24.064, Length: 4.096"
"12:26:54,6702879","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 50.176, Length: 4.096"
"12:26:54,6709293","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 54.272, Length: 3.152"
"12:26:54,6715339","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 224, Length: 4.096"
"12:26:54,6763085","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,6768748","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 4.096, Length: 46.080"
"12:26:54,6842829","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 51.563, Length: 4.096"
"12:26:54,6870487","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 1.024, Length: 4.096"
"12:26:54,6918691","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,6932877","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 15.872, Length: 4.096"
"12:26:54,6938564","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,6987047","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 50.176, Length: 4.096"
"12:26:54,7011459","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,7015065","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,7017486","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,7020313","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,7022333","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,7024722","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,7034364","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,7038390","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:54,7042458","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:54,7046801","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:26:54,7050015","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:54,7052847","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,7055660","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:54,7058916","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:54,7062489","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:26:54,7065340","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:54,7068143","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,7071283","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:54,7074147","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:54,7077361","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:26:54,7080170","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:54,7082931","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,7085404","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:54,7088571","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:54,7091734","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:26:54,7094221","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:54,7129460","SavService.exe","1536","ReadFile","C:\Windows\System32\PSHED.DLL","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,7471223","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,7475267","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,7477702","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:54,7480095","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:54,7482059","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:54,7483701","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:54,7485731","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:54,7520569","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\pshed.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:54,7525005","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\pshed.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,7542835","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\pshed.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:26:54,7561696","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\pshed.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,7570466","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.575.536, Length: 16.200"
"12:26:54,7574893","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.572.288, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,7609171","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,7615198","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\PSHED.dll.mui","SUCCESS","Filter: PSHED.dll.mui, 1: pshed.dll.mui"
"12:26:54,7621170","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:26:54,7643249","SavService.exe","1536","CreateFile","C:\Windows\System32\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,7648511","SavService.exe","1536","QueryDirectory","C:\Windows\System32\de-DE\PSHED.dll.mui","SUCCESS","Filter: PSHED.dll.mui, 1: pshed.dll.mui"
"12:26:54,7654049","SavService.exe","1536","CloseFile","C:\Windows\System32\de-DE","SUCCESS",""
"12:26:54,7689806","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,7697447","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:54,7700619","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:54,7709865","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,7715071","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:54,7719107","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:54,7749219","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,7753595","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:54,7756375","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:54,7762855","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,7766834","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:54,7766895","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,7770445","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:54,7770874","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,7773328","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,7776496","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,7778534","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,7780923","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,7784445","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,7788083","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:54,7791307","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:54,7899600","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\pshed.dll.mui","SUCCESS","Offset: 6.656, Length: 2.560"
"12:26:54,7908832","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\pshed.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,8005897","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\pshed.dll.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:54,8008491","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,8011961","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\pshed.dll.mui","SUCCESS","Offset: 8.192, Length: 1.024"
"12:26:54,8012101","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,8014508","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,8017335","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,8019341","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,8021711","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,8027570","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\pshed.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,8038813","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\pshed.dll.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:54,8044075","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\pshed.dll.mui","SUCCESS","Offset: 8.192, Length: 1.024"
"12:26:54,8111097","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\pshed.dll.mui","SUCCESS","Offset: 2.560, Length: 4.096"
"12:26:54,8248710","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\pshed.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,8269325","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,8272949","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,8275357","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,8278188","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,8280213","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,8282587","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,8567227","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,8570870","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,8573301","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,8576473","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,8578493","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,8580891","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,8837358","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,8842154","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,8845769","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,8849819","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,8853009","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,8856238","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,8956474","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,8961653","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,8965245","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:54,8968468","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:54,8970507","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:54,8972919","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:54,8976063","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:54,9016247","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:54,9022610","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,9057467","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:54,9092492","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,9100525","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.120.964, Length: 16.200"
"12:26:54,9108208","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.117.632, Length: 12.288, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,9147259","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,9152115","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\CLFS.SYS","NO SUCH FILE","Filter: CLFS.SYS"
"12:26:54,9153515","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,9155735","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:54,9156766","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,9159509","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,9162341","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,9164351","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,9166731","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,9171773","SavService.exe","1536","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,9176191","SavService.exe","1536","QueryDirectory","C:\Windows\System32\CLFS.SYS","SUCCESS","Filter: CLFS.SYS, 1: clfs.sys"
"12:26:54,9181006","SavService.exe","1536","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:54,9211487","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,9217490","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:54,9219510","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:54,9229554","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,9234373","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:54,9239929","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:54,9274851","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,9279283","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:54,9281714","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:54,9288524","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,9292905","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:54,9296558","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:54,9311332","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:54,9315745","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:54,9318987","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:54,9351115","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 351.844, Length: 4.096"
"12:26:54,9356330","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 348.160, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,9372229","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:54,9403083","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,9445044","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,9449285","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 360.448, Length: 7.248"
"12:26:54,9450185","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,9453623","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 360.448, Length: 7.248, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,9453833","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,9457841","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,9460220","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,9463504","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,9468757","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 349.184, Length: 4.096"
"12:26:54,9488751","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 353.280, Length: 4.096"
"12:26:54,9491993","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 356.352, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:54,9503828","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 74.240, Length: 4.096"
"12:26:54,9522218","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 355.840, Length: 4.096"
"12:26:54,9554042","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:26:54,9559720","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 357.376, Length: 4.096"
"12:26:54,9571317","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,9590947","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:26:54,9634313","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 364.544, Length: 3.152"
"12:26:54,9640760","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:54,9684490","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:54,9690461","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 4.096, Length: 57.744"
"12:26:54,9693670","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 61.840, Length: 61.440"
"12:26:54,9695998","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,9698083","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 123.280, Length: 61.440"
"12:26:54,9699949","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,9702366","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,9705226","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,9707577","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,9709974","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:54,9731797","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 184.720, Length: 61.440"
"12:26:54,9737783","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 246.160, Length: 61.440"
"12:26:54,9760300","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 307.600, Length: 52.848"
"12:26:54,9923319","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:54,9927321","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:54,9929738","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:54,9932891","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:54,9934911","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:54,9936964","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,0115745","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 361.835, Length: 4.096"
"12:26:55,0171287","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,0174902","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,0177305","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,0180454","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,0182464","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,0184522","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,0190829","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 351.844, Length: 4.096"
"12:26:55,0194831","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,0205285","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 94.720, Length: 4.096"
"12:26:55,0210081","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 351.844, Length: 4.096"
"12:26:55,0259390","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:26:55,0340057","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 359.424, Length: 4.096"
"12:26:55,0405447","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,0411894","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,0415495","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,0421163","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,0424778","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,0427629","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,0480110","SavService.exe","1536","ReadFile","C:\Windows\System32\clfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,0733447","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,0738607","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,0742232","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,0746649","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,0749481","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,0753068","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,0808199","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,0812207","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,0814945","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:55,0817016","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:55,0818975","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:55,0821033","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:55,0823379","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:55,0862752","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\clfs.sys.mui","SUCCESS","Offset: 0, Length: 2.048, I/O Flags: Synchronous"
"12:26:55,0868742","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\clfs.sys.mui","SUCCESS","Offset: 0, Length: 2.048, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,0886497","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\clfs.sys.mui","SUCCESS","Offset: 184, Length: 1.864"
"12:26:55,0907363","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\clfs.sys.mui","SUCCESS","Offset: 0, Length: 2.048"
"12:26:55,0914160","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.087.456, Length: 16.200"
"12:26:55,0939113","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,0945075","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\CLFS.SYS.mui","NO SUCH FILE","Filter: CLFS.SYS.mui"
"12:26:55,0949120","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:26:55,0968395","SavService.exe","1536","CreateFile","C:\Windows\System32\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,0972766","SavService.exe","1536","QueryDirectory","C:\Windows\System32\de-DE\CLFS.SYS.mui","SUCCESS","Filter: CLFS.SYS.mui, 1: clfs.sys.mui"
"12:26:55,0977240","SavService.exe","1536","CloseFile","C:\Windows\System32\de-DE","SUCCESS",""
"12:26:55,0995284","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,0998937","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,1001372","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,1004549","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,1006490","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,1006928","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,1009326","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,1012120","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:55,1014528","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:55,1021763","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,1026545","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:55,1030944","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:55,1061476","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,1065455","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:55,1067097","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:55,1073502","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,1078317","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:55,1082688","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:55,1100373","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,1104744","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:55,1107991","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:55,1290691","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,1295472","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,1299065","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,1303104","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,1306258","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,1309467","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,1518711","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,1527892","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:55,1531139","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:55,1550004","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:55,1591420","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,1598198","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:53, FileAttributes: ANCI"
"12:26:55,1600204","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:55,1604468","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,1606665","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,1608433","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,1610878","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,1611498","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:55,1614050","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,1615879","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,1616854","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,1620082","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,1630326","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,1635094","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:55,1638341","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,1658008","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,1663634","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:55,1667604","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,1682462","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,1686941","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:55,1690145","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,1723066","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,1730740","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:53, FileAttributes: ANCI"
"12:26:55,1732723","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:55,1769446","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,1775487","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:53, LastWriteTime: 06.10.2013 12:26:53, ChangeTime: 06.10.2013 12:26:53, FileAttributes: DNCI"
"12:26:55,1778305","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:55,1805516","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,1809999","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:55,1812009","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:55,1837308","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,1841273","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,1843321","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,1843736","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,1846889","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,1848126","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,1848937","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,1850104","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,1851344","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,1874609","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,1879358","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,1880991","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:55,1908262","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,1913865","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:55,1916300","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:55,1946753","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,1951189","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:55,1952818","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:55,1975662","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,1981274","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:55,1983322","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,2005737","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2009782","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:55,2011401","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,2036624","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2042269","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:55,2045045","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:55,2053129","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2059161","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,2069177","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2077583","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:55,2080746","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,2100040","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2108031","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:55,2111255","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:55,2112906","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,2116512","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,2118528","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:26:55,2118948","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,2121289","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:53, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5c00000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:26:55,2122129","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,2123738","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:55,2124168","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,2127018","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,2137318","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2142991","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:55,2145767","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:55,2161002","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:55,2193149","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2198350","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:53, FileAttributes: ANCI"
"12:26:55,2200370","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:55,2206757","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2211189","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:55,2214804","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,2230474","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2235670","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:55,2240070","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,2256542","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2262499","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:55,2267332","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,2267747","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,2272179","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,2275407","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:55,2278971","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:55,2281397","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:55,2283832","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:55,2285409","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2286617","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:55,2291053","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:55,2295392","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,2327953","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2331891","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:55,2333985","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:53, FileAttributes: ANCI"
"12:26:55,2336775","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:55,2337195","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,2353574","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 232, Length: 4.096"
"12:26:55,2363617","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2365577","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,2368035","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:53, LastWriteTime: 06.10.2013 12:26:53, ChangeTime: 06.10.2013 12:26:53, FileAttributes: DNCI"
"12:26:55,2369201","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,2369677","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:55,2371637","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,2374813","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,2376824","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,2379203","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,2383075","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,2389121","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 218.760, Length: 16.200"
"12:26:55,2392554","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2396972","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:55,2398913","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:55,2410347","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,2416962","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\CI.dll","NO SUCH FILE","Filter: CI.dll"
"12:26:55,2424192","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:55,2424216","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2432207","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,2433858","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,2453157","SavService.exe","1536","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,2457617","SavService.exe","1536","QueryDirectory","C:\Windows\System32\CI.dll","SUCCESS","Filter: CI.dll, 1: ci.dll"
"12:26:55,2459115","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2462040","SavService.exe","1536","CloseFile","C:\Windows\System32","SUCCESS",""
"12:26:55,2463514","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,2465156","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:55,2490403","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2490482","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,2494466","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:55,2496439","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:55,2496551","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:55,2498912","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:55,2505345","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,2509310","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:55,2512566","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:55,2518878","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2522904","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:55,2524532","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:55,2545366","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,2549751","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:55,2552186","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:55,2554602","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2559841","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:55,2560256","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,2562262","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,2565047","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:55,2569493","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:55,2586740","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,2590677","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2591498","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:55,2596350","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:55,2597786","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:55,2598337","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,2619964","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2624013","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:55,2628389","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:55,2635340","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,2636044","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2642104","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,2642939","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,2646526","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,2649764","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,2651280","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2652180","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,2657293","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:55,2657428","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,2659308","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,2677791","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2685395","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:55,2689393","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:55,2698933","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:26:55,2702166","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:53, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5c00000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:26:55,2702917","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 765.952, Length: 14.056"
"12:26:55,2705361","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:55,2707321","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 765.952, Length: 14.056, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,2724460","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 370.176, Length: 4.096"
"12:26:55,2725836","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:26:55,2730436","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 368.640, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,2742859","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 742.912, Length: 4.096"
"12:26:55,2746455","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 741.376, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,2762946","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 1.024, Length: 4.096"
"12:26:55,2764826","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2770079","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:53, FileAttributes: ANCI"
"12:26:55,2772071","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:55,2778494","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2783285","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:55,2787297","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,2796291","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 765.952, Length: 4.096"
"12:26:55,2800942","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2802664","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 745.984, Length: 4.096"
"12:26:55,2806144","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:55,2806307","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 749.568, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,2809750","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,2819733","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 752.128, Length: 4.096"
"12:26:55,2823353","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 753.664, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,2823442","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2828578","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:55,2832212","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,2846925","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,2848036","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2856395","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:55,2861629","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,2865800","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 765.952, Length: 4.096"
"12:26:55,2880737","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,2884320","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,2886704","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,2888276","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 35.328, Length: 4.096"
"12:26:55,2890720","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,2893510","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,2895926","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,2896920","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2902593","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:53, FileAttributes: ANCI"
"12:26:55,2903465","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 765.952, Length: 4.096"
"12:26:55,2904594","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:55,2909478","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 770.048, Length: 9.960"
"12:26:55,2949121","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2954337","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:53, LastWriteTime: 06.10.2013 12:26:53, ChangeTime: 06.10.2013 12:26:53, FileAttributes: DNCI"
"12:26:55,2956306","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:55,2966965","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,2978170","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 17.408, Length: 4.096"
"12:26:55,2981758","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,2982593","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,2986959","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:55,2989716","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:55,3015794","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3021891","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,3042561","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3045164","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,3045575","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 765.952, Length: 4.096"
"12:26:55,3046121","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976051, endtime: 976051, seqnum: 0, connid: 0"
"12:26:55,3065000","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3066623","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3067799","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3068643","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3069800","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3071051","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976051, endtime: 976051, seqnum: 0, connid: 0"
"12:26:55,3080782","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3086398","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,3088428","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:55,3093321","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,3097380","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,3100963","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,3105012","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,3108175","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,3111431","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,3122263","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3128668","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:55,3131448","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:55,3157950","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3163175","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:55,3165601","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:55,3189677","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3194822","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:55,3196460","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,3217671","SavService.exe","1536","ReadFile","C:\Windows\System32\ci.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,3218511","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3222546","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:55,3224175","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,3249449","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3254996","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:55,3257408","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:55,3265021","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3270666","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,3278302","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3284288","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:55,3286294","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,3302411","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3308009","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:53, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:55,3312446","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:55,3316028","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:55,3326744","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,3329953","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:26:55,3336414","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:55,3366564","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3370128","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976051, endtime: 976051, seqnum: 0, connid: 0"
"12:26:55,3386624","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,3386978","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3388970","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3389847","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3391046","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3392208","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3392525","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,3393458","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976051, endtime: 976051, seqnum: 0, connid: 0"
"12:26:55,3396957","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,3400917","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,3402979","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,3405713","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,3561529","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,3566413","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,3570341","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:55,3573569","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:55,3580240","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:55,3580403","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:55,3583263","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:55,3586440","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:55,3622010","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3628831","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:53, LastWriteTime: 06.10.2013 12:26:53, ChangeTime: 06.10.2013 12:26:53, FileAttributes: DNCI"
"12:26:55,3632026","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:55,3634200","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\ci.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:55,3641207","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3642168","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\ci.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,3647626","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:55,3653653","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,3660609","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\ci.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:26:55,3672117","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3674548","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,3678182","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:55,3678942","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,3682534","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,3682977","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,3684913","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\ci.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,3686583","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,3691328","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3691332","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 125.286, Length: 16.200"
"12:26:55,3693814","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,3694556","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976051, endtime: 976051, seqnum: 0, connid: 0"
"12:26:55,3694878","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 126.976, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,3697784","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,3701381","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3707394","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:55,3711858","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,3715068","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3717092","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3718683","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3720274","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3721547","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,3723036","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,3723553","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976051, endtime: 976051, seqnum: 0, connid: 0"
"12:26:55,3728620","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\CI.dll.mui","NO SUCH FILE","Filter: CI.dll.mui"
"12:26:55,3731857","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:26:55,3737506","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3746827","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:55,3748315","SavService.exe","1536","CreateFile","C:\Windows\System32\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,3752043","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,3752654","SavService.exe","1536","QueryDirectory","C:\Windows\System32\de-DE\CI.dll.mui","SUCCESS","Filter: CI.dll.mui, 1: ci.dll.mui"
"12:26:55,3756694","SavService.exe","1536","CloseFile","C:\Windows\System32\de-DE","SUCCESS",""
"12:26:55,3783587","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,3788164","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3790421","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:55,3792768","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:55,3794135","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:53, LastWriteTime: 06.10.2013 12:26:53, ChangeTime: 06.10.2013 12:26:53, FileAttributes: DNCI"
"12:26:55,3796547","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:55,3799252","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,3803218","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:55,3806460","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:55,3825857","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3831427","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:53, LastWriteTime: 06.10.2013 12:26:53, ChangeTime: 06.10.2013 12:26:53, FileAttributes: DNCI"
"12:26:55,3833083","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:55,3835359","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,3838956","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:55,3840580","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:55,3847003","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,3850931","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:55,3854173","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:55,3858344","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3863961","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:55,3866391","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:55,3867464","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,3871415","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:55,3874629","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:55,3895655","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3901281","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,3903716","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,3932989","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3938946","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,3941026","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:55,3965485","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,3970313","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:55,3972716","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:55,3984164","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\ci.dll.mui","SUCCESS","Offset: 8.704, Length: 1.024"
"12:26:55,3992612","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\ci.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,3995574","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4000855","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:55,4003729","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:55,4009555","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4013161","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976052, endtime: 976052, seqnum: 0, connid: 0"
"12:26:55,4038072","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4053173","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4054078","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:55,4056396","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4058440","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4060856","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976052, endtime: 976052, seqnum: 0, connid: 0"
"12:26:55,4063772","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,4075243","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4077711","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4080076","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976052, endtime: 976052, seqnum: 0, connid: 0"
"12:26:55,4123083","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4131134","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:55,4133952","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,4153480","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\ci.dll.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:55,4158677","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\ci.dll.mui","SUCCESS","Offset: 8.192, Length: 1.536"
"12:26:55,4168039","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4173674","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:55,4175638","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:55,4186541","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4191742","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,4201361","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4208163","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:55,4210994","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,4228633","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4235047","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:26:55,4237468","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:26:55,4246169","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:26:55,4252984","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:26:55,4258274","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:26:55,4261866","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:55,4267474","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,4271831","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\ci.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,4272241","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,4273086","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4275880","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,4280265","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,4280288","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:55,4283106","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,4283908","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:55,4286334","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,4302317","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:55,4316377","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:55,4339818","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4343429","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976052, endtime: 976052, seqnum: 0, connid: 0"
"12:26:55,4361450","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4363031","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4364258","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4366222","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4368275","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976052, endtime: 976052, seqnum: 0, connid: 0"
"12:26:55,4369115","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:55,4371900","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:55,4380343","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4381897","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4384295","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4386333","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976052, endtime: 976052, seqnum: 0, connid: 0"
"12:26:55,4386730","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:55,4391908","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,4406393","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4410834","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:55,4414444","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,4431658","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4437657","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:55,4440918","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,4455319","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4459765","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:55,4462946","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,4486654","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4491020","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:55,4492653","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:55,4515507","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4519566","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:55,4521548","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:55,4548852","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4553615","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,4555276","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,4581694","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4587306","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,4589354","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:55,4614228","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4618603","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:55,4620260","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:55,4637884","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:55,4641462","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:55,4643948","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:55,4647909","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:55,4651272","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4652350","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:55,4657300","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:55,4659744","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:55,4666499","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4669303","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4671327","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976052, endtime: 976052, seqnum: 0, connid: 0"
"12:26:55,4690141","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4691303","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4692572","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4695324","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976052, endtime: 976052, seqnum: 0, connid: 0"
"12:26:55,4696994","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:55,4699840","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,4710928","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4713727","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976052, endtime: 976052, seqnum: 0, connid: 0"
"12:26:55,4721751","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,4723804","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976052, endtime: 976052, seqnum: 0, connid: 0"
"12:26:55,4728413","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4733969","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:55,4735616","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,4762453","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4767669","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:55,4769311","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:55,4775352","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4780120","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,4786926","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4792211","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:55,4794217","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,4808651","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4814249","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:26:55,4816679","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:26:55,4825827","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:26:55,4831789","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:55,4833511","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,4838759","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,4841576","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,4844781","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,4846820","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,4849222","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,4860684","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:26:55,4955057","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:55,4986504","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,4992149","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:53, LastWriteTime: 06.10.2013 12:26:53, ChangeTime: 06.10.2013 12:26:53, FileAttributes: DNCI"
"12:26:55,4994892","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:55,4999771","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,5002948","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5004180","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,5007413","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:55,5008943","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:55,5010594","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:55,5013090","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:55,5015506","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:55,5016906","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,5018660","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:55,5029352","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,5032193","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,5034208","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976053, endtime: 976053, seqnum: 0, connid: 0"
"12:26:55,5041770","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5048567","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:55,5048642","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,5050209","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,5051054","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,5052215","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,5053419","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,5053465","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976053, endtime: 976053, seqnum: 0, connid: 0"
"12:26:55,5065697","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:55,5071365","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,5071444","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5078325","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:55,5082724","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,5089810","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:55,5102364","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5108746","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:55,5113219","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,5116023","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,5119666","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,5122088","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,5124905","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,5125278","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,5128040","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,5130125","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,5147708","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:55,5149406","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,5154201","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\Wdf01000.sys","NO SUCH FILE","Filter: Wdf01000.sys"
"12:26:55,5157061","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:55,5173519","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,5175408","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5177517","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Filter: Wdf01000.sys, 1: Wdf01000.sys"
"12:26:55,5180185","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:53, LastWriteTime: 06.10.2013 12:26:53, ChangeTime: 06.10.2013 12:26:53, FileAttributes: DNCI"
"12:26:55,5181893","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:55,5182187","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:55,5205488","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5208805","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,5209883","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:55,5211940","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:55,5214417","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:55,5216432","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:55,5222875","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,5228436","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:55,5231701","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:55,5240373","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5245626","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,5248378","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,5264062","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,5268881","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:55,5271666","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:55,5275659","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5280511","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,5280926","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,5283664","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:55,5285330","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:55,5290093","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:55,5308151","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,5311421","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5312634","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:55,5316646","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:55,5318442","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:55,5321204","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:55,5346726","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 756.752, Length: 4.096"
"12:26:55,5350295","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,5351871","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 753.664, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,5353262","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5353868","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976053, endtime: 976053, seqnum: 0, connid: 0"
"12:26:55,5359975","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:55,5363151","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:55,5366916","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:55,5369538","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,5371987","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,5373942","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,5375682","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,5376372","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976053, endtime: 976053, seqnum: 0, connid: 0"
"12:26:55,5379297","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,5381723","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,5384559","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,5386570","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,5388949","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,5389621","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,5392023","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,5393245","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5394384","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976053, endtime: 976053, seqnum: 0, connid: 0"
"12:26:55,5398437","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:55,5400080","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,5403989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,5419705","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 756.802, Length: 4.096"
"12:26:55,5432865","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:26:55,5434153","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5439755","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:55,5442195","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,5450527","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 756.802, Length: 4.096"
"12:26:55,5465371","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,5466276","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5471785","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 770.048, Length: 15.464"
"12:26:55,5473301","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:55,5475853","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 770.048, Length: 15.464, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,5476828","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:55,5484880","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5490921","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,5493477","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 756.736, Length: 4.096"
"12:26:55,5498506","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5499113","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 616.448, Length: 4.096"
"12:26:55,5501916","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 614.400, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,5504170","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:55,5506190","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,5523049","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:26:55,5529953","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 760.832, Length: 4.096"
"12:26:55,5533974","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 761.856, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,5571961","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 770.048, Length: 4.096"
"12:26:55,5578366","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 762.880, Length: 4.096"
"12:26:55,5582761","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 765.952, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,5593654","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,5597218","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,5599606","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,5602083","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,5604406","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,5605703","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,5606492","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,5611917","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:26:55,5615141","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:26:55,5620547","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 770.048, Length: 4.096"
"12:26:55,5624377","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,5627139","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,5629173","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:26:55,5641731","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:55,5645701","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:55,5648243","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 774.144, Length: 11.368"
"12:26:55,5649713","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:26:55,5653076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:55,5673598","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,5677605","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976053, endtime: 976053, seqnum: 0, connid: 0"
"12:26:55,5681454","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:55,5686039","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:55,5688474","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976053, endtime: 976053, seqnum: 0, connid: 0"
"12:26:55,5705450","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,5711072","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 4.096, Length: 57.744"
"12:26:55,5714277","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 61.840, Length: 61.440"
"12:26:55,5718718","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 123.280, Length: 61.440"
"12:26:55,5727987","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5734779","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:53, FileAttributes: ANCI"
"12:26:55,5737564","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:55,5743993","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 184.720, Length: 61.440"
"12:26:55,5746381","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5752282","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 246.160, Length: 61.440"
"12:26:55,5752478","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:55,5758062","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,5776078","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5780907","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:55,5784508","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,5787382","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 307.600, Length: 61.440"
"12:26:55,5791758","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 369.040, Length: 61.440"
"12:26:55,5794981","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 430.480, Length: 61.440"
"12:26:55,5798205","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5798620","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 491.920, Length: 61.440"
"12:26:55,5803425","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:55,5806620","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,5818553","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 553.360, Length: 61.440"
"12:26:55,5820265","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5822616","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 614.800, Length: 61.440"
"12:26:55,5825868","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:55,5826232","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 676.240, Length: 61.440"
"12:26:55,5830183","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 737.680, Length: 32.368"
"12:26:55,5830673","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,5836938","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,5840581","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,5843315","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,5846170","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,5848526","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,5850597","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,5857959","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5863543","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:53, FileAttributes: ANCI"
"12:26:55,5865604","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:55,5890082","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5894462","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: DNCI"
"12:26:55,5896095","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:55,5918925","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5924122","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:55,5926539","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:55,5953843","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5958228","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,5959856","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,5981152","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,5985173","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,5987109","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:55,6008414","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6012426","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:55,6014045","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:55,6038471","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6043691","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:55,6046121","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:55,6072166","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6077018","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:55,6079439","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,6083129","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,6089692","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,6094073","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,6098547","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,6100930","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,6103333","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,6105460","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6110312","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:55,6112728","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,6139188","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6144044","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:55,6146778","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:55,6154079","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6159663","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,6168853","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6176121","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:55,6178938","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,6196572","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6205417","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:53, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:55,6210180","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:55,6213441","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:55,6222169","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:26:55,6227828","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:26:55,6233379","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:55,6236183","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:52, LastWriteTime: 06.10.2013 12:26:52, ChangeTime: 06.10.2013 12:26:53, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:55,6269533","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:55,6305714","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6311690","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: ANCI"
"12:26:55,6314130","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:55,6322145","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6328139","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:55,6332604","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,6348987","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6349519","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,6353130","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,6354221","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:55,6356502","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,6358611","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,6362544","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,6364969","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,6368114","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,6374271","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6379477","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:55,6383135","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,6398819","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6404347","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:55,6408004","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,6437305","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6442907","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: ANCI"
"12:26:55,6445343","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:55,6471784","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6476967","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: DNCI"
"12:26:55,6479392","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:55,6504723","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6509874","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:55,6512290","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:55,6538367","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6543214","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,6545631","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,6571260","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6576107","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,6578519","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:55,6604559","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6609387","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:55,6611804","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:55,6621997","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,6626023","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,6628803","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,6631649","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,6635054","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,6637499","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6639103","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,6642658","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:55,6644706","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:55,6665568","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 771.391, Length: 4.096"
"12:26:55,6671227","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6676764","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:55,6679176","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,6705318","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6710520","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:55,6712922","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,6714480","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 618.496, Length: 4.096"
"12:26:55,6740987","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6746198","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:55,6748647","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:55,6756619","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6758611","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 756.752, Length: 4.096"
"12:26:55,6761895","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,6762250","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,6771113","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6771902","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 687.104, Length: 4.096"
"12:26:55,6777117","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 756.752, Length: 4.096"
"12:26:55,6778703","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:55,6781479","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,6782739","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,6790301","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:55,6797587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:55,6799612","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6805163","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:55,6809185","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:55,6812781","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:55,6813626","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:26:55,6817199","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:26:55,6820021","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:55,6827639","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:55,6829524","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:26:55,6834865","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:55,6836116","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: ANCI"
"12:26:55,6842105","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:55,6849686","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:55,6850474","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:26:55,6856511","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:55,6861764","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:55,6866989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:55,6872195","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:55,6877406","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:55,6884585","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:55,6886628","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,6890234","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,6892212","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:55,6892697","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,6895860","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,6897880","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,6899037","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:55,6900278","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,6905498","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:55,6912743","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:55,6920314","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:55,6928786","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:55,6930381","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:55,6936366","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:55,6943630","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:55,6951220","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:55,6958469","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:55,6958814","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6964072","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: DNCI"
"12:26:55,6965705","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:55,6966498","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:55,6973257","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:55,6974139","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,6980077","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:55,6980138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:55,6984561","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,6987378","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:55,6994922","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:55,7001387","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,7002218","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:55,7006981","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:55,7009430","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:55,7011034","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,7016660","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:55,7024213","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:55,7027875","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,7032232","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:55,7033436","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:55,7037462","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,7039486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:55,7046736","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:55,7053938","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,7054293","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:55,7059532","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:55,7061178","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:55,7063520","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,7068731","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:55,7075981","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:55,7083244","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:55,7090839","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:55,7091678","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:55,7098083","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:55,7105673","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:26:55,7112932","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:26:55,7118521","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,7120503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:26:55,7123745","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: DNCI"
"12:26:55,7126526","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:55,7129815","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,7131247","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:26:55,7135814","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,7139280","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:26:55,7140581","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,7144981","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,7145321","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:26:55,7148167","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,7150882","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:26:55,7151451","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,7153401","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,7156102","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:26:55,7158644","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:55,7161023","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:55,7161322","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:26:55,7166547","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:26:55,7171758","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:26:55,7176978","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:26:55,7182175","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:26:55,7185496","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,7187801","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:26:55,7189536","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,7191159","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:55,7193884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:26:55,7200307","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:26:55,7205877","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:26:55,7211098","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:26:55,7214830","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,7216719","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:26:55,7218865","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:55,7220801","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:55,7223530","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:26:55,7237464","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:26:55,7244620","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:26:55,7249906","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:26:55,7250134","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,7256101","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:55,7258531","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:55,7259082","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:26:55,7265547","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:55,7271150","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:26:55,7276394","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:26:55,7281604","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:26:55,7285817","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,7286820","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:26:55,7291056","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:55,7292035","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:26:55,7293491","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:55,7297251","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:26:55,7302462","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:26:55,7307686","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:26:55,7312893","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:26:55,7317525","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,7318113","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:26:55,7322726","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:55,7323333","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:26:55,7325152","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:55,7329743","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:26:55,7336983","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:26:55,7342585","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 339.968, Length: 4.096"
"12:26:55,7347791","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 344.064, Length: 4.096"
"12:26:55,7353221","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,7353786","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 348.160, Length: 4.096"
"12:26:55,7358446","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:55,7359370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 352.256, Length: 4.096"
"12:26:55,7360872","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:55,7365038","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:26:55,7370291","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:26:55,7375501","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 364.544, Length: 4.096"
"12:26:55,7380708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 368.640, Length: 4.096"
"12:26:55,7385909","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 372.736, Length: 4.096"
"12:26:55,7388568","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,7391134","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 376.832, Length: 4.096"
"12:26:55,7394129","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:55,7394535","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,7396349","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 380.928, Length: 4.096"
"12:26:55,7396550","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:55,7398593","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,7401574","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 385.024, Length: 4.096"
"12:26:55,7402129","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,7404578","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,7406146","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,7407168","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 389.120, Length: 4.096"
"12:26:55,7409006","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,7410190","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,7412238","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,7412752","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 393.216, Length: 4.096"
"12:26:55,7418000","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 397.312, Length: 4.096"
"12:26:55,7419782","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,7423220","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 401.408, Length: 4.096"
"12:26:55,7427428","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:55,7428794","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 405.504, Length: 4.096"
"12:26:55,7430250","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:55,7434061","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 409.600, Length: 4.096"
"12:26:55,7438703","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: ANCI"
"12:26:55,7439281","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 413.696, Length: 4.096"
"12:26:55,7444483","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 417.792, Length: 4.096"
"12:26:55,7449703","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 421.888, Length: 4.096"
"12:26:55,7450734","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:55,7454918","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 425.984, Length: 4.096"
"12:26:55,7460120","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 430.080, Length: 4.096"
"12:26:55,7465326","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 434.176, Length: 4.096"
"12:26:55,7470532","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 438.272, Length: 4.096"
"12:26:55,7475729","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 442.368, Length: 4.096"
"12:26:55,7480613","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 446.464, Length: 4.096"
"12:26:55,7485805","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 450.560, Length: 4.096"
"12:26:55,7491016","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 454.656, Length: 4.096"
"12:26:55,7496218","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 458.752, Length: 4.096"
"12:26:55,7498345","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:55,7501433","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 462.848, Length: 4.096"
"12:26:55,7506639","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 466.944, Length: 4.096"
"12:26:55,7511850","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 471.040, Length: 4.096"
"12:26:55,7517047","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 475.136, Length: 4.096"
"12:26:55,7521940","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 479.232, Length: 4.096"
"12:26:55,7527534","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 483.328, Length: 4.096"
"12:26:55,7532768","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 487.424, Length: 4.096"
"12:26:55,7537974","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 491.520, Length: 4.096"
"12:26:55,7543180","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 495.616, Length: 4.096"
"12:26:55,7548391","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 499.712, Length: 4.096"
"12:26:55,7551890","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:55,7553541","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:26:55,7553620","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 503.808, Length: 4.096"
"12:26:55,7558841","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 507.904, Length: 4.096"
"12:26:55,7564037","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 512.000, Length: 4.096"
"12:26:55,7569244","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 516.096, Length: 4.096"
"12:26:55,7574464","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 520.192, Length: 4.096"
"12:26:55,7575863","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:55,7579679","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 524.288, Length: 4.096"
"12:26:55,7579870","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:55,7584890","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 528.384, Length: 4.096"
"12:26:55,7587488","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:26:55,7590110","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 532.480, Length: 4.096"
"12:26:55,7595316","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 536.576, Length: 4.096"
"12:26:55,7599575","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:","SUCCESS","Offset: 39.952.384, Length: 104, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:55,7600532","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 540.672, Length: 4.096"
"12:26:55,7605761","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 544.768, Length: 4.096"
"12:26:55,7610972","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 548.864, Length: 4.096"
"12:26:55,7616201","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 552.960, Length: 4.096"
"12:26:55,7617564","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,7621417","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 557.056, Length: 4.096"
"12:26:55,7621590","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,7624813","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,7627383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 561.152, Length: 4.096"
"12:26:55,7629646","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,7632786","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,7633443","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 565.248, Length: 4.096"
"12:26:55,7635641","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,7639046","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 569.344, Length: 4.096"
"12:26:55,7644266","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 573.440, Length: 4.096"
"12:26:55,7649477","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 577.536, Length: 4.096"
"12:26:55,7654674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 581.632, Length: 4.096"
"12:26:55,7659553","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 585.728, Length: 4.096"
"12:26:55,7664750","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 589.824, Length: 4.096"
"12:26:55,7669961","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 593.920, Length: 4.096"
"12:26:55,7675167","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 598.016, Length: 4.096"
"12:26:55,7680751","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 602.112, Length: 4.096"
"12:26:55,7685967","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 606.208, Length: 4.096"
"12:26:55,7691634","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 610.304, Length: 4.096"
"12:26:55,7696850","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 614.400, Length: 4.096"
"12:26:55,7702047","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 618.496, Length: 4.096"
"12:26:55,7707248","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 622.592, Length: 4.096"
"12:26:55,7712445","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 626.688, Length: 4.096"
"12:26:55,7717642","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 630.784, Length: 4.096"
"12:26:55,7722535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 634.880, Length: 4.096"
"12:26:55,7728493","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 638.976, Length: 4.096"
"12:26:55,7735350","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 643.072, Length: 4.096"
"12:26:55,7740580","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 647.168, Length: 4.096"
"12:26:55,7745786","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 651.264, Length: 4.096"
"12:26:55,7752587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 655.360, Length: 4.096"
"12:26:55,7757812","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 659.456, Length: 4.096"
"12:26:55,7763378","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 663.552, Length: 4.096"
"12:26:55,7768602","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 667.648, Length: 4.096"
"12:26:55,7774256","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 671.744, Length: 4.096"
"12:26:55,7779486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 675.840, Length: 4.096"
"12:26:55,7784701","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 679.936, Length: 4.096"
"12:26:55,7789917","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 684.032, Length: 4.096"
"12:26:55,7795146","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 688.128, Length: 4.096"
"12:26:55,7800357","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 692.224, Length: 4.096"
"12:26:55,7805586","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 696.320, Length: 4.096"
"12:26:55,7810802","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 700.416, Length: 4.096"
"12:26:55,7816017","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 704.512, Length: 4.096"
"12:26:55,7821219","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 708.608, Length: 4.096"
"12:26:55,7827251","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 712.704, Length: 4.096"
"12:26:55,7832471","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 716.800, Length: 4.096"
"12:26:55,7838008","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 720.896, Length: 4.096"
"12:26:55,7842897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 724.992, Length: 4.096"
"12:26:55,7850063","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 729.088, Length: 4.096"
"12:26:55,7855292","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 733.184, Length: 4.096"
"12:26:55,7861319","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 737.280, Length: 4.096"
"12:26:55,7866950","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 741.376, Length: 4.096"
"12:26:55,7875725","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 745.472, Length: 4.096"
"12:26:55,7880954","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 749.568, Length: 4.096"
"12:26:55,7886160","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 753.664, Length: 4.096"
"12:26:55,7887485","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,7891380","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 757.760, Length: 4.096"
"12:26:55,7891474","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,7894263","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,7896591","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 761.856, Length: 4.096"
"12:26:55,7897473","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,7899530","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,7901807","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 765.952, Length: 4.096"
"12:26:55,7901947","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,7906691","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 770.048, Length: 4.096"
"12:26:55,7911897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 774.144, Length: 4.096"
"12:26:55,7917085","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 778.240, Length: 4.096"
"12:26:55,7922295","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 782.336, Length: 3.176"
"12:26:55,7946759","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 756.752, Length: 4.096"
"12:26:55,7952818","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,7958384","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:55,7963604","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:55,7968833","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:55,7973676","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:55,7978877","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:55,7984107","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:55,7989275","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:55,7994113","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:55,7999371","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:55,8004922","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:55,8010203","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:55,8011667","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.688.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8015805","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:55,8017349","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.688.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8020195","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.688.599, Length: 8.760"
"12:26:55,8020974","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:55,8024603","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.697.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8026600","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:55,8033425","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:55,8039046","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:55,8044640","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:55,8049524","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:55,8054278","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:55,8058695","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:55,8063519","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:55,8066565","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.697.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8068734","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:55,8070171","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.697.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8072560","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.697.359, Length: 1.460"
"12:26:55,8073945","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:55,8075802","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.698.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8079165","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:55,8084409","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:55,8089993","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:55,8095236","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:55,8100792","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:55,8106031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:55,8109455","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.698.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8111289","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:55,8113019","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.698.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8114703","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.698.819, Length: 7.300"
"12:26:55,8116849","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:55,8117871","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.706.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8122457","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:55,8128120","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:55,8133363","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:55,8138905","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:55,8144158","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:55,8144928","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,8145446","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.706.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8149392","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:55,8149742","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,8149807","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.706.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8152252","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.706.119, Length: 1.460"
"12:26:55,8153353","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,8154612","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:55,8155480","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.707.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8157407","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,8160173","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:55,8160570","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,8163816","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,8165062","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:55,8170623","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:55,8175866","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:55,8177886","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.707.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8180694","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.707.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8181450","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:55,8182658","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.707.579, Length: 2.920"
"12:26:55,8185490","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.710.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8186325","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:55,8191149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:26:55,8196686","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:26:55,8201146","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:26:55,8205927","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:26:55,8209132","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.710.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8211180","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:26:55,8211955","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.710.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8214016","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.710.499, Length: 4.380"
"12:26:55,8216414","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:26:55,8217576","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.714.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8221583","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:26:55,8227592","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:26:55,8232821","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:26:55,8237673","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:26:55,8243238","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:26:55,8248458","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:26:55,8253664","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:26:55,8258898","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:26:55,8259864","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.714.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8263111","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.714.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8264133","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:26:55,8265537","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.714.879, Length: 1.460"
"12:26:55,8269087","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.716.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8269385","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:26:55,8274997","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:26:55,8280978","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:26:55,8285820","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:26:55,8290578","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:26:55,8295421","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:26:55,8296988","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.716.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8299787","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.716.416, EndOfFile: 406.716.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8300636","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:26:55,8304606","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.716.339, Length: 4.380, Priority: Normal"
"12:26:55,8305805","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:26:55,8311025","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:26:55,8315905","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:55,8321102","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:26:55,8326350","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:26:55,8327138","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.720.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8329914","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.720.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8331565","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:26:55,8332321","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.720.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8334364","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.720.719, Length: 2.920"
"12:26:55,8337093","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:26:55,8337172","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.723.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8341996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:26:55,8347212","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:26:55,8351970","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:26:55,8356793","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:26:55,8358627","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.723.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8361832","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.723.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8362433","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:26:55,8364579","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.723.639, Length: 1.460"
"12:26:55,8368246","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.725.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8368852","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:26:55,8374035","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:26:55,8378224","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,8378476","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:26:55,8382288","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,8383659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:26:55,8385082","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,8388128","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 339.968, Length: 4.096"
"12:26:55,8388716","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,8391907","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,8392075","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.725.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8394543","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.725.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8395471","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,8395499","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 344.064, Length: 4.096"
"12:26:55,8396880","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.725.099, Length: 4.380"
"12:26:55,8399725","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.729.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8401876","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 348.160, Length: 4.096"
"12:26:55,8407110","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 352.256, Length: 4.096"
"12:26:55,8412717","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:26:55,8418003","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:26:55,8423610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 364.544, Length: 4.096"
"12:26:55,8429134","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.729.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8430039","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 368.640, Length: 4.096"
"12:26:55,8433542","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.729.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8436024","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 372.736, Length: 4.096"
"12:26:55,8436369","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.729.479, Length: 2.920"
"12:26:55,8439593","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.732.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8441664","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 376.832, Length: 4.096"
"12:26:55,8447234","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 380.928, Length: 4.096"
"12:26:55,8452459","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 385.024, Length: 4.096"
"12:26:55,8456601","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.732.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8458061","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 389.120, Length: 4.096"
"12:26:55,8460216","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.732.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8463001","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.732.399, Length: 2.920"
"12:26:55,8463701","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 393.216, Length: 4.096"
"12:26:55,8467009","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.735.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8469719","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 397.312, Length: 4.096"
"12:26:55,8474519","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 401.408, Length: 4.096"
"12:26:55,8479763","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 405.504, Length: 4.096"
"12:26:55,8485351","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 409.600, Length: 4.096"
"12:26:55,8490604","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 413.696, Length: 4.096"
"12:26:55,8493091","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.735.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8496212","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 417.792, Length: 4.096"
"12:26:55,8497504","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.735.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8499934","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.735.319, Length: 5.840"
"12:26:55,8501842","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 421.888, Length: 4.096"
"12:26:55,8504305","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.741.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8507436","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 425.984, Length: 4.096"
"12:26:55,8512273","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 430.080, Length: 4.096"
"12:26:55,8517493","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 434.176, Length: 4.096"
"12:26:55,8523087","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 438.272, Length: 4.096"
"12:26:55,8525200","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.741.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8528442","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.741.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8529534","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 442.368, Length: 4.096"
"12:26:55,8530868","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.741.159, Length: 8.760"
"12:26:55,8535538","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 446.464, Length: 4.096"
"12:26:55,8536088","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.749.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8543109","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 450.560, Length: 4.096"
"12:26:55,8547951","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 454.656, Length: 4.096"
"12:26:55,8552719","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 458.752, Length: 4.096"
"12:26:55,8557141","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 462.848, Length: 4.096"
"12:26:55,8561559","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 466.944, Length: 4.096"
"12:26:55,8565967","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 471.040, Length: 4.096"
"12:26:55,8568099","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.749.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8570404","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 475.136, Length: 4.096"
"12:26:55,8570954","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.749.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8573319","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.749.919, Length: 8.760"
"12:26:55,8574840","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 479.232, Length: 4.096"
"12:26:55,8577299","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.758.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8579650","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 483.328, Length: 4.096"
"12:26:55,8584063","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 487.424, Length: 4.096"
"12:26:55,8588471","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 491.520, Length: 4.096"
"12:26:55,8592903","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 495.616, Length: 4.096"
"12:26:55,8593435","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.758.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8596640","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.758.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8597316","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 499.712, Length: 4.096"
"12:26:55,8599070","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.758.679, Length: 1.460"
"12:26:55,8601734","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 503.808, Length: 4.096"
"12:26:55,8602247","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.760.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8606142","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 507.904, Length: 4.096"
"12:26:55,8610541","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 512.000, Length: 4.096"
"12:26:55,8614950","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 516.096, Length: 4.096"
"12:26:55,8619363","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 520.192, Length: 4.096"
"12:26:55,8622680","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.760.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8623785","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 524.288, Length: 4.096"
"12:26:55,8623855","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,8625539","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.760.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8627923","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.760.139, Length: 1.460"
"12:26:55,8628660","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,8628950","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 528.384, Length: 4.096"
"12:26:55,8631497","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.761.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:55,8631930","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,8633391","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 532.480, Length: 4.096"
"12:26:55,8635896","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,8637827","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 536.576, Length: 4.096"
"12:26:55,8638713","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,8641923","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,8642249","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 540.672, Length: 4.096"
"12:26:55,8646653","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 544.768, Length: 4.096"
"12:26:55,8651057","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 548.864, Length: 4.096"
"12:26:55,8655470","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 552.960, Length: 4.096"
"12:26:55,8659878","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 557.056, Length: 4.096"
"12:26:55,8664282","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 561.152, Length: 4.096"
"12:26:55,8668695","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 565.248, Length: 4.096"
"12:26:55,8673113","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 569.344, Length: 4.096"
"12:26:55,8677526","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 573.440, Length: 4.096"
"12:26:55,8681939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 577.536, Length: 4.096"
"12:26:55,8686348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 581.632, Length: 4.096"
"12:26:55,8690756","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 585.728, Length: 4.096"
"12:26:55,8695169","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 589.824, Length: 4.096"
"12:26:55,8699582","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 593.920, Length: 4.096"
"12:26:55,8703986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 598.016, Length: 4.096"
"12:26:55,8708782","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 602.112, Length: 4.096"
"12:26:55,8713195","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 606.208, Length: 4.096"
"12:26:55,8717281","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 610.304, Length: 4.096"
"12:26:55,8721690","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 614.400, Length: 4.096"
"12:26:55,8727255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 618.496, Length: 4.096"
"12:26:55,8731682","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 622.592, Length: 4.096"
"12:26:55,8736100","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 626.688, Length: 4.096"
"12:26:55,8740508","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 630.784, Length: 4.096"
"12:26:55,8744926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 634.880, Length: 4.096"
"12:26:55,8749348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 638.976, Length: 4.096"
"12:26:55,8753757","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 643.072, Length: 4.096"
"12:26:55,8758161","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 647.168, Length: 4.096"
"12:26:55,8762569","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 651.264, Length: 4.096"
"12:26:55,8766973","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 655.360, Length: 4.096"
"12:26:55,8771386","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 659.456, Length: 4.096"
"12:26:55,8775790","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 663.552, Length: 4.096"
"12:26:55,8780198","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 667.648, Length: 4.096"
"12:26:55,8784607","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 671.744, Length: 4.096"
"12:26:55,8788698","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 675.840, Length: 4.096"
"12:26:55,8793102","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 679.936, Length: 4.096"
"12:26:55,8797501","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 684.032, Length: 4.096"
"12:26:55,8801904","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 688.128, Length: 4.096"
"12:26:55,8806313","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 692.224, Length: 4.096"
"12:26:55,8810717","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 696.320, Length: 4.096"
"12:26:55,8815120","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 700.416, Length: 4.096"
"12:26:55,8819529","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 704.512, Length: 4.096"
"12:26:55,8823932","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 708.608, Length: 4.096"
"12:26:55,8828775","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 712.704, Length: 4.096"
"12:26:55,8833193","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 716.800, Length: 4.096"
"12:26:55,8837601","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 720.896, Length: 4.096"
"12:26:55,8842009","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 724.992, Length: 4.096"
"12:26:55,8846422","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 729.088, Length: 4.096"
"12:26:55,8850831","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 733.184, Length: 4.096"
"12:26:55,8855235","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 737.280, Length: 4.096"
"12:26:55,8859643","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 741.376, Length: 4.096"
"12:26:55,8864047","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 745.472, Length: 4.096"
"12:26:55,8868455","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 749.568, Length: 4.096"
"12:26:55,8872546","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 753.664, Length: 4.096"
"12:26:55,8876955","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 757.760, Length: 4.096"
"12:26:55,8881354","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 761.856, Length: 4.096"
"12:26:55,8885758","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 765.952, Length: 4.096"
"12:26:55,8890161","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 770.048, Length: 4.096"
"12:26:55,8894565","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 774.144, Length: 4.096"
"12:26:55,8898969","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 778.240, Length: 4.096"
"12:26:55,8903387","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 782.336, Length: 3.176"
"12:26:55,8927048","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 756.752, Length: 4.096"
"12:26:55,8934703","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 770.048, Length: 4.096"
"12:26:55,9007337","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 764.928, Length: 4.096"
"12:26:55,9122474","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Wdf01000.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:55,9371557","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,9376012","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,9379590","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,9384008","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,9386821","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,9389662","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:55,9479496","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,9483489","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,9485919","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:55,9488298","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:55,9489945","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:55,9491895","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:55,9493906","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:55,9531272","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Synchronous"
"12:26:55,9536049","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,9553487","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui","SUCCESS","Offset: 176, Length: 2.384"
"12:26:55,9571956","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui","SUCCESS","Offset: 0, Length: 2.560"
"12:26:55,9577563","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.440.752, Length: 16.200"
"12:26:55,9581160","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.437.120, Length: 20.480, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:55,9614169","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,9618984","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\Wdf01000.sys.mui","NO SUCH FILE","Filter: Wdf01000.sys.mui"
"12:26:55,9622151","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:26:55,9645723","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,9650524","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\Wdf01000.sys.mui","SUCCESS","Filter: Wdf01000.sys.mui, 1: wdf01000.sys.mui"
"12:26:55,9654946","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:26:55,9682614","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,9687895","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:55,9689985","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.548.288, Length: 8.192"
"12:26:55,9690680","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:55,9697505","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,9698424","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.321.920, Length: 8.192"
"12:26:55,9701475","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:55,9704712","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:55,9732758","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,9736042","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:55,9737992","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:55,9744057","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,9747990","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:55,9751241","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:55,9764858","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:55,9768488","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:55,9771702","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:55,9788239","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:55,9791495","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:55,9793907","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:55,9797061","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:55,9799076","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:55,9801478","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,0230658","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,0235477","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\Wdf01000.sys.mui","NO SUCH FILE","Filter: Wdf01000.sys.mui"
"12:26:56,0238323","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:26:56,0253960","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,0257939","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\Wdf01000.sys.mui","SUCCESS","Filter: Wdf01000.sys.mui, 1: wdf01000.sys.mui"
"12:26:56,0261597","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:26:56,1187678","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,1192059","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,1194489","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:56,1196873","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:56,1198837","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:56,1200479","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:56,1202504","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:56,1242506","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:56,1248939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,1291055","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:26:56,1317001","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,1323024","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 612.096, Length: 16.200"
"12:26:56,1335424","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:56,1339090","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,1341493","svchost.exe","948","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","REPARSE","Desired Access: Read"
"12:26:56,1344306","svchost.exe","948","RegOpenKey","HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","NAME NOT FOUND","Desired Access: Read"
"12:26:56,1347072","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,1349656","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,1354825","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\WDFLDR.SYS","NO SUCH FILE","Filter: WDFLDR.SYS"
"12:26:56,1357690","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:56,1374894","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,1378883","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\WDFLDR.SYS","SUCCESS","Filter: WDFLDR.SYS, 1: WdfLdr.sys"
"12:26:56,1382909","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:56,1409009","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,1414253","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:56,1416263","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:56,1422682","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,1427091","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:56,1430641","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:56,1456732","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,1459965","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:56,1461593","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:56,1467620","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,1471226","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:56,1474441","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:56,1487642","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,1491249","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:56,1494449","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:56,1520563","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 35.456, Length: 4.096"
"12:26:56,1527342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:26:56,1567479","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,1619657","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 38.912, Length: 15.464"
"12:26:56,1631712","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 34.816, Length: 4.096"
"12:26:56,1642105","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 27.136, Length: 4.096"
"12:26:56,1660163","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 38.912, Length: 4.096"
"12:26:56,1665827","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:56,1677802","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,1697889","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 38.912, Length: 4.096"
"12:26:56,1723146","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 15.360, Length: 4.096"
"12:26:56,1740840","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 38.912, Length: 4.096"
"12:26:56,1748798","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 43.008, Length: 11.368"
"12:26:56,1754079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:26:56,1809854","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,1816660","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 4.096, Length: 34.816"
"12:26:56,1879190","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 40.255, Length: 4.096"
"12:26:56,1953027","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 35.456, Length: 4.096"
"12:26:56,1955486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,1963496","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 29.696, Length: 4.096"
"12:26:56,1966677","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 35.456, Length: 4.096"
"12:26:56,1971109","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,1976362","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:56,1981582","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:56,1987157","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:56,1992367","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:56,1997583","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:56,2002784","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:56,2007995","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:56,2012875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:56,2018076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:56,2023273","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:56,2030518","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:56,2036531","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:56,2042087","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 53.248, Length: 1.128"
"12:26:56,2056199","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 35.456, Length: 4.096"
"12:26:56,2060612","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,2065356","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:56,2069760","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:56,2073860","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:56,2078269","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:56,2082663","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:56,2087072","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:56,2091471","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:56,2095916","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:56,2100329","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:56,2104724","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:56,2109132","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:56,2113536","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:56,2117945","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 53.248, Length: 1.128"
"12:26:56,2136796","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 35.456, Length: 4.096"
"12:26:56,2145193","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 39.552, Length: 4.096"
"12:26:56,2148006","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 38.912, Length: 4.096"
"12:26:56,2217859","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 38.400, Length: 4.096"
"12:26:56,2300103","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\WdfLdr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,2569008","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,2573832","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,2576271","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,2580601","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,2583026","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,2585853","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,2773769","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,2777058","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,2779469","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,2782646","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,2784676","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,2787055","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,2818940","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,2822952","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,2826110","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:56,2828536","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:56,2830187","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:56,2832151","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:56,2834153","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:56,2845946","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:26:56,2849962","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:26:56,2853195","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:26:56,2856363","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:26:56,2858411","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:26:56,2860417","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:56,2862833","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:26:56,2865193","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:26:56,2867251","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:26:56,2869476","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:56,2869649","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:26:56,2872000","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:26:56,2874276","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,2874412","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:26:56,2876068","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:56,2880485","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:56,2882463","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:26:56,2884861","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:56,2886895","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,2889265","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:56,2891574","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:26:56,2892526","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:26:56,2895269","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:26:56,2898935","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:26:56,2902145","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:26:56,2905359","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:26:56,2911769","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:26:56,2913784","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:56,2916168","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:56,2918127","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:26:56,2919793","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:56,2921654","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,2921808","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,2923758","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:56,2927737","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.217.652, Length: 16.200"
"12:26:56,2929011","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,2936619","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,2939068","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:56,2941863","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,2944223","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:56,2946649","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,2948683","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,2951025","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:56,2951389","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,2953073","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,2955083","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:56,2956198","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\sptd.sys","NO SUCH FILE","Filter: sptd.sys"
"12:26:56,2957481","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,2959384","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:56,2959464","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:26:56,2961507","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,2963485","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:56,2967077","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,2969927","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:56,2972349","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,2974695","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:56,2975451","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,2976780","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,2979122","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,2979864","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Filter: sptd.sys, 1: sptd.sys"
"12:26:56,2981165","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:56,2983512","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,2984216","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:56,2985947","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:56,2988004","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,2989978","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:26:56,2991997","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,2993966","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:56,2995687","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,2999723","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,3002503","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,3005372","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,3006305","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,3007761","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,3009547","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:56,3010177","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,3011581","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,3013116","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,3015532","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:56,3017538","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:56,3018378","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,3019558","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:56,3020753","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,3022824","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:56,3026019","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,3028412","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,3032410","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:56,3032746","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:56,3036016","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:56,3036781","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,3039538","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:26:56,3041941","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,3043592","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:56,3054928","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,3058138","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:56,3061357","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,3063750","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:26:56,3064072","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,3066493","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,3067319","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:56,3068951","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:56,3075319","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,3078934","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:56,3082163","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:56,3087038","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,3090266","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:56,3093494","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,3095766","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,3095873","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:56,3098691","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,3099400","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:56,3101061","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,3102656","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:56,3103542","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:56,3105935","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,3107923","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:56,3110297","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,3111967","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:26:56,3114314","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:56,3115951","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:56,3129120","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 242.556, Length: 4.096"
"12:26:56,3132685","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 241.664, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,3149171","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:26:56,3162354","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.339, Length: 4.096"
"12:26:56,3165568","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 249.856, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,3180435","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 3.781, Length: 4.096"
"12:26:56,3184042","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.244, Length: 4.096"
"12:26:56,3189224","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,3192429","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.339, Length: 4.096"
"12:26:56,3196819","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 3.781, Length: 4.096"
"12:26:56,3199651","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.339, Length: 4.096"
"12:26:56,3202426","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.337, Length: 4.096"
"12:26:56,3207269","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 3.781, Length: 4.096"
"12:26:56,3210539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.337, Length: 4.096"
"12:26:56,3212073","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,3215348","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,3216538","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,3218087","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,3219710","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.337, Length: 4.096"
"12:26:56,3220918","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,3222537","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 3.156, Length: 4.096"
"12:26:56,3222976","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,3226549","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,3226941","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,3229754","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.337, Length: 4.096"
"12:26:56,3234134","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 111.334, Length: 4.096"
"12:26:56,3236616","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.339, Length: 4.096"
"12:26:56,3239364","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 111.334, Length: 4.096"
"12:26:56,3241799","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.337, Length: 4.096"
"12:26:56,3248237","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 3.781, Length: 4.096"
"12:26:56,3251031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.339, Length: 4.096"
"12:26:56,3253461","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.337, Length: 4.096"
"12:26:56,3256265","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 49.729, Length: 4.096"
"12:26:56,3259013","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 3.781, Length: 4.096"
"12:26:56,3261448","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.337, Length: 4.096"
"12:26:56,3265427","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 3.781, Length: 4.096"
"12:26:56,3267876","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.337, Length: 4.096"
"12:26:56,3271459","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,3274239","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.337, Length: 4.096"
"12:26:56,3278302","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,3281101","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.337, Length: 4.096"
"12:26:56,3316439","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 292.455, Length: 4.096"
"12:26:56,3320017","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 290.816, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,3335850","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,3352686","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.337, Length: 4.096"
"12:26:56,3356726","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:26:56,3363952","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.337, Length: 4.096"
"12:26:56,3368715","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 304.260, Length: 4.096"
"12:26:56,3371901","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 303.104, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,3388779","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.337, Length: 4.096"
"12:26:56,3398403","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 4.336, Length: 4.096"
"12:26:56,3407196","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,3415206","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 558.080, Length: 6.712"
"12:26:56,3418472","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 557.056, Length: 7.736, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,3435644","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 234.496, Length: 4.096"
"12:26:56,3439292","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 233.472, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,3441368","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,3444997","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,3447763","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,3450590","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,3452582","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 232.448, Length: 4.096"
"12:26:56,3452638","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,3455031","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,3456533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 229.376, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,3468019","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,3470892","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976061, endtime: 976061, seqnum: 0, connid: 0"
"12:26:56,3471555","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 238.592, Length: 4.096"
"12:26:56,3477988","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 230.400, Length: 4.096"
"12:26:56,3483586","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 109.568, Length: 4.096"
"12:26:56,3489963","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 1.024, Length: 4.096"
"12:26:56,3491054","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,3493387","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,3494637","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,3495584","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 236.544, Length: 4.096"
"12:26:56,3496219","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,3497473","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,3499797","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976061, endtime: 976061, seqnum: 0, connid: 0"
"12:26:56,3500403","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 242.688, Length: 4.096"
"12:26:56,3504835","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 271.360, Length: 4.096"
"12:26:56,3508497","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 270.336, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,3522949","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 275.456, Length: 4.096"
"12:26:56,3527423","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 278.528, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,3533660","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.761.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,3538012","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.761.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,3539664","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.761.599, Length: 1.460"
"12:26:56,3542514","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.763.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,3542887","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 113.664, Length: 4.096"
"12:26:56,3547361","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 537.600, Length: 4.096"
"12:26:56,3551312","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 536.576, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,3563325","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 244.736, Length: 4.096"
"12:26:56,3568969","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 226.304, Length: 4.096"
"12:26:56,3571418","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 225.280, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,3577394","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.763.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,3580221","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.763.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,3582269","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.763.059, Length: 7.300"
"12:26:56,3586332","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.770.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,3586958","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 224.256, Length: 4.096"
"12:26:56,3590578","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 221.184, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,3603985","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 269.312, Length: 4.096"
"12:26:56,3607595","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 266.240, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,3622752","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 248.832, Length: 4.096"
"12:26:56,3639569","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 263.168, Length: 4.096"
"12:26:56,3643507","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 262.144, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,3658677","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 228.352, Length: 4.096"
"12:26:56,3662871","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,3666468","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,3668875","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,3671707","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,3673717","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,3676096","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,3682296","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 558.080, Length: 4.096"
"12:26:56,3686355","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 557.056, Length: 4.096"
"12:26:56,3694794","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,3710841","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 558.080, Length: 4.096"
"12:26:56,3738906","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 562.176, Length: 2.616"
"12:26:56,3745367","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:26:56,3790496","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,3791480","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,3793640","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,3795660","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976062, endtime: 976062, seqnum: 0, connid: 0"
"12:26:56,3796691","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 4.096, Length: 57.760"
"12:26:56,3799868","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 61.856, Length: 61.440"
"12:26:56,3803516","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 123.296, Length: 61.440"
"12:26:56,3813303","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,3815692","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,3816564","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,3817735","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,3819349","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976062, endtime: 976062, seqnum: 0, connid: 0"
"12:26:56,3828171","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 184.736, Length: 61.440"
"12:26:56,3832966","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 246.176, Length: 61.440"
"12:26:56,3858992","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.770.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,3861819","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.770.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,3863065","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 307.616, Length: 61.440"
"12:26:56,3863793","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.770.359, Length: 2.920"
"12:26:56,3866601","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.773.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,3867921","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 369.056, Length: 61.440"
"12:26:56,3872320","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 430.496, Length: 61.440"
"12:26:56,3876369","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 491.936, Length: 61.440"
"12:26:56,3880741","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 553.376, Length: 4.704"
"12:26:56,3910396","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,3914804","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,3918047","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,3922026","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,3924843","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,3928445","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,3958394","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.773.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,3961963","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.773.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,3964351","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.773.279, Length: 4.380"
"12:26:56,3967570","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.777.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,3989113","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.777.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,3992267","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.777.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,3994319","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.777.659, Length: 1.460"
"12:26:56,3997893","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.779.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4108332","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4111149","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4113160","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976062, endtime: 976062, seqnum: 0, connid: 0"
"12:26:56,4123237","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4124841","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4126455","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976062, endtime: 976062, seqnum: 0, connid: 0"
"12:26:56,4140460","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4142060","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4142909","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4144472","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976062, endtime: 976062, seqnum: 0, connid: 0"
"12:26:56,4163010","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,4166285","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,4168692","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,4171836","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,4173852","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,4175596","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.779.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4176264","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,4178456","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.779.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4180821","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.779.119, Length: 2.920"
"12:26:56,4184427","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.782.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4216807","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.782.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4220040","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.782.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4222027","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.782.039, Length: 2.920"
"12:26:56,4225629","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.784.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4254230","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.784.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4256716","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.784.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4259072","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.784.959, Length: 4.380"
"12:26:56,4262272","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.789.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4386977","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,4390550","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,4392953","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,4395775","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,4397781","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,4399848","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,4402283","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 560.099, Length: 4.096"
"12:26:56,4429797","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4432610","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4435017","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976062, endtime: 976062, seqnum: 0, connid: 0"
"12:26:56,4449507","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4451447","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4452306","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4453462","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4454717","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976062, endtime: 976062, seqnum: 0, connid: 0"
"12:26:56,4462298","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4463935","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976062, endtime: 976062, seqnum: 0, connid: 0"
"12:26:56,4473760","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 242.556, Length: 4.096"
"12:26:56,4477697","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,4486971","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 242.556, Length: 4.096"
"12:26:56,4503093","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.789.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4506713","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.789.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4509158","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.789.339, Length: 2.920"
"12:26:56,4513100","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.792.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4525028","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 558.080, Length: 4.096"
"12:26:56,4544365","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 551.936, Length: 4.096"
"12:26:56,4546543","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.792.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4548353","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 545.792, Length: 4.096"
"12:26:56,4550107","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.792.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4552160","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.792.259, Length: 5.840"
"12:26:56,4552388","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 553.984, Length: 4.096"
"12:26:56,4555761","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.798.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4555939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 549.888, Length: 4.096"
"12:26:56,4560370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 543.744, Length: 4.096"
"12:26:56,4564004","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 541.696, Length: 4.096"
"12:26:56,4568035","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 556.032, Length: 4.096"
"12:26:56,4578051","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.798.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4581200","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.798.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4583266","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.798.099, Length: 1.460"
"12:26:56,4586821","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.799.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4596641","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,4599925","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,4602663","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,4605495","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,4607510","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,4609871","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,4631647","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:56,4634432","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:56,4634973","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 250.880, Length: 4.096"
"12:26:56,4636806","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:56,4639671","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:56,4643249","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:56,4748608","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4751421","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4753431","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976062, endtime: 976062, seqnum: 0, connid: 0"
"12:26:56,4764207","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4765840","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4767408","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976062, endtime: 976062, seqnum: 0, connid: 0"
"12:26:56,4782284","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\sptd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,4784197","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4787439","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976063, endtime: 976063, seqnum: 0, connid: 0"
"12:26:56,4797506","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,4800664","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976063, endtime: 976063, seqnum: 0, connid: 0"
"12:26:56,4822562","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.799.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4828948","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.799.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4831388","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.799.559, Length: 2.920"
"12:26:56,4835741","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.802.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4873256","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.802.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4876037","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.802.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4877660","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.802.479, Length: 2.920"
"12:26:56,4880436","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.805.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4915386","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.805.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4918241","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.805.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4920219","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.805.399, Length: 1.460"
"12:26:56,4923074","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.806.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4947173","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.806.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4949963","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.806.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4951610","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.806.859, Length: 1.460"
"12:26:56,4954371","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.808.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,4960147","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,4964583","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,4968133","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,4972136","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,4974967","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,4978210","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,5068762","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5071999","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5074770","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976063, endtime: 976063, seqnum: 0, connid: 0"
"12:26:56,5085645","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5088084","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976063, endtime: 976063, seqnum: 0, connid: 0"
"12:26:56,5105480","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5109105","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976063, endtime: 976063, seqnum: 0, connid: 0"
"12:26:56,5124723","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5127504","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5129132","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5131180","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976063, endtime: 976063, seqnum: 0, connid: 0"
"12:26:56,5141750","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.808.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5144601","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.808.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5149560","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.808.319, Length: 2.920"
"12:26:56,5153977","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.811.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5179001","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.811.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5182551","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.811.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5184962","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.811.239, Length: 1.460"
"12:26:56,5187775","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.812.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5216227","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.812.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5219031","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.812.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5221060","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.812.699, Length: 1.460"
"12:26:56,5224204","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.814.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5253109","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.814.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5255922","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.814.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5257988","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.814.159, Length: 4.380"
"12:26:56,5261524","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.818.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5284005","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,5287261","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,5289664","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,5292481","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,5294478","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,5296852","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,5430780","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5433593","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5436005","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976063, endtime: 976063, seqnum: 0, connid: 0"
"12:26:56,5457688","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5460053","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5461676","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5463258","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5464839","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5466864","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976063, endtime: 976063, seqnum: 0, connid: 0"
"12:26:56,5494392","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.818.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5496822","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.818.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5498828","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.818.539, Length: 2.920"
"12:26:56,5501665","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.821.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5521439","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,5525120","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,5528670","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,5532659","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,5535490","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,5538355","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,5556516","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.821.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5560957","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.821.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5563714","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.821.459, Length: 2.920"
"12:26:56,5567399","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.824.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5590509","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.824.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5594069","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.824.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5596490","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.824.379, Length: 4.380"
"12:26:56,5600465","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.828.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5606426","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,5610424","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,5612855","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:56,5615239","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:56,5616885","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:56,5618840","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:56,5620846","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:56,5657793","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:56,5663353","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,5678659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:26:56,5709108","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,5715121","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 827.718, Length: 16.200"
"12:26:56,5736822","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,5741637","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\ACPI.sys","NO SUCH FILE","Filter: ACPI.sys"
"12:26:56,5741991","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,5744832","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:56,5745611","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,5748424","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,5752012","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,5754815","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,5758048","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,5762461","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,5764449","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5766478","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\ACPI.sys","SUCCESS","Filter: ACPI.sys, 1: acpi.sys"
"12:26:56,5767989","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5770014","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976063, endtime: 976063, seqnum: 0, connid: 0"
"12:26:56,5770522","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:56,5782082","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5784489","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:56,5786509","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976063, endtime: 976064, seqnum: 0, connid: 0"
"12:26:56,5797346","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,5802958","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:56,5804978","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:56,5811374","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,5815386","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:56,5818637","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:56,5831597","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.828.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5835287","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.828.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5838417","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.828.759, Length: 2.920"
"12:26:56,5842457","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.831.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5854497","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,5859694","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:56,5862493","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:56,5867620","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.831.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5870423","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.831.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5871739","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,5872397","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.831.679, Length: 2.920"
"12:26:56,5874864","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.834.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:56,5876577","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:56,5880556","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:56,5895843","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,5900625","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:56,5904235","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:56,5935188","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 301.104, Length: 4.096"
"12:26:56,5939130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 299.008, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,5955018","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:26:56,5968076","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,5971687","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,5972666","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 297.992, Length: 4.096"
"12:26:56,5974098","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,5976230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 294.912, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,5977247","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,5979263","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,5981632","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,6003507","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,6047651","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 327.168, Length: 7.040"
"12:26:56,6051271","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 323.584, Length: 10.624, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,6066881","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:26:56,6072077","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 300.032, Length: 4.096"
"12:26:56,6075641","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 304.128, Length: 4.096"
"12:26:56,6078506","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 307.200, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,6091801","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 302.080, Length: 4.096"
"12:26:56,6096144","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 173.568, Length: 4.096"
"12:26:56,6099382","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 172.032, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,6146573","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 327.168, Length: 4.096"
"12:26:56,6151373","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:26:56,6155809","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 313.344, Length: 4.096"
"12:26:56,6159028","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 311.296, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,6177959","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,6195261","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,6195597","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 327.168, Length: 4.096"
"12:26:56,6198858","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,6201279","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,6204097","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,6206103","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,6208477","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,6216888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 236.032, Length: 4.096"
"12:26:56,6220424","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 233.472, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,6249837","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 327.168, Length: 4.096"
"12:26:56,6256256","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 331.264, Length: 2.944"
"12:26:56,6261532","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:26:56,6310081","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,6315296","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 4.096, Length: 57.752"
"12:26:56,6318473","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 61.848, Length: 61.440"
"12:26:56,6321711","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 123.288, Length: 61.440"
"12:26:56,6353237","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 184.728, Length: 61.440"
"12:26:56,6359637","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 246.168, Length: 61.440"
"12:26:56,6369061","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 307.608, Length: 19.560"
"12:26:56,6502666","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,6506300","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,6508731","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,6511907","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,6513927","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,6516321","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,6667005","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 328.555, Length: 4.096"
"12:26:56,6738025","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 301.104, Length: 4.096"
"12:26:56,6741183","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,6752785","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 185.344, Length: 4.096"
"12:26:56,6760006","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 301.104, Length: 4.096"
"12:26:56,6765688","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,6771300","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:56,6776851","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:56,6782076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:56,6787301","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:56,6790692","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,6792517","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:56,6794303","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,6796724","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,6797727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:56,6799570","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,6801585","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,6802943","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:56,6803964","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,6808154","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:56,6813374","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:56,6818575","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:56,6826702","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:56,6834250","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:56,6839866","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:56,6845110","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:56,6850335","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:56,6855569","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:56,6860789","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:56,6870958","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:56,6877345","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:56,6882630","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:56,6888191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:56,6893411","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:56,6898627","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:56,6903837","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:56,6909044","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:56,6914254","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:56,6919470","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:56,6924359","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:56,6931165","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:56,6936390","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:56,6941591","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:56,6946802","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:56,6952008","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:56,6957224","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:56,6962430","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:56,6967631","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:56,6972833","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:56,6977722","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:56,6982923","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:56,6988125","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:56,6993326","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:56,6998542","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:56,7003738","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:56,7008926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:56,7013819","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:26:56,7019021","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:26:56,7024227","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:26:56,7029937","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,7033566","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,7035437","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:26:56,7036001","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,7039150","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,7040704","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:26:56,7041184","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,7045551","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,7045919","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:26:56,7051130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:26:56,7056332","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:26:56,7061542","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:26:56,7066748","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:26:56,7071955","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:26:56,7077156","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:26:56,7082348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:26:56,7090815","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:26:56,7096390","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:26:56,7101288","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:26:56,7106494","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:26:56,7111691","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:26:56,7116888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:26:56,7122094","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:26:56,7128173","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:26:56,7133383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:26:56,7138585","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:26:56,7143786","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:26:56,7148988","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:56,7154199","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:26:56,7159414","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:26:56,7164616","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:26:56,7169495","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:26:56,7174701","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:26:56,7179898","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:26:56,7185104","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:26:56,7190310","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:26:56,7195507","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:26:56,7200391","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:26:56,7205602","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:26:56,7211130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 331.776, Length: 2.432"
"12:26:56,7230023","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 301.104, Length: 4.096"
"12:26:56,7234810","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,7239279","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:56,7240767","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,7243711","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:56,7244350","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,7246761","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,7248124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:56,7249570","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,7251571","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,7252537","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:56,7253624","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,7256945","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:56,7261358","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:56,7265767","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:56,7270180","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:56,7274593","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:56,7279001","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:56,7283410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:56,7287827","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:56,7292241","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:56,7296649","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:56,7301062","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:56,7305475","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:56,7309888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:56,7314297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:56,7318700","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:56,7323114","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:56,7327895","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:56,7332304","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:56,7336707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:56,7341120","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:56,7345221","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:56,7349625","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:56,7354024","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:56,7358432","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:56,7362836","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:56,7367244","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:56,7371658","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:56,7376071","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:56,7380484","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:56,7385303","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:56,7389725","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:56,7394138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:56,7398551","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:56,7402960","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:56,7407373","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:56,7411786","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:56,7416190","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:56,7420603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:56,7425394","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:56,7429849","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:56,7434271","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:26:56,7438675","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:26:56,7443088","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:26:56,7447492","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:26:56,7451900","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:26:56,7456309","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:26:56,7460722","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:26:56,7463875","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,7465139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:26:56,7467458","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,7469562","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:26:56,7469865","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,7472687","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,7474320","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:26:56,7475095","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,7477502","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,7478771","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:26:56,7483193","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:26:56,7487601","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:26:56,7492010","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:26:56,7496423","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:26:56,7500831","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:26:56,7505240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:26:56,7509648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:26:56,7514061","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:26:56,7518465","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:26:56,7522873","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:26:56,7528915","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:26:56,7533342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:26:56,7537755","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:26:56,7542159","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:26:56,7546562","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:26:56,7550971","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:26:56,7555379","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:26:56,7559792","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:26:56,7564196","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:26:56,7568600","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:26:56,7573022","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:26:56,7577113","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:26:56,7581517","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:26:56,7585926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:26:56,7590329","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:26:56,7594742","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 331.776, Length: 2.432"
"12:26:56,7614774","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 301.104, Length: 4.096"
"12:26:56,7621977","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 327.168, Length: 4.096"
"12:26:56,7633205","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,7636392","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:56,7639634","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:56,7642885","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:26:56,7645292","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:56,7647648","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,7649659","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:56,7651716","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:56,7654114","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:26:56,7656115","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:56,7658093","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,7659745","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:56,7661755","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:56,7664106","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:26:56,7666103","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:56,7667750","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,7669709","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:56,7671720","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:56,7673730","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:26:56,7675391","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:56,7682337","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,7685915","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,7688336","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,7691145","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,7693169","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,7695544","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,7697806","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 309.248, Length: 4.096"
"12:26:56,7810998","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\acpi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,7909107","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,7915988","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,7918843","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,7922431","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,7924446","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,7927623","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,8172213","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,8175936","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,8176566","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,8179034","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:56,8180335","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,8181791","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:56,8183111","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,8183783","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:56,8185798","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:56,8186708","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,8187841","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:56,8188732","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,8191121","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,8221149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\acpi.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:56,8225940","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\acpi.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,8248020","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\acpi.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:26:56,8270323","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\acpi.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,8276663","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 902.400, Length: 16.200"
"12:26:56,8297175","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,8301616","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\ACPI.sys.mui","NO SUCH FILE","Filter: ACPI.sys.mui"
"12:26:56,8304765","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:26:56,8320448","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,8324423","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\ACPI.sys.mui","SUCCESS","Filter: ACPI.sys.mui, 1: acpi.sys.mui"
"12:26:56,8328827","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:26:56,8354578","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,8360143","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:56,8362154","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:56,8368209","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,8372141","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:56,8375365","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:56,8401102","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,8404652","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:56,8406280","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:56,8412298","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,8415894","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:56,8419150","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:56,8421105","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,8424375","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,8428784","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,8431970","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,8433565","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,8434330","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,8436402","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,8437199","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:56,8440404","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:56,8546346","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\acpi.sys.mui","SUCCESS","Offset: 8.704, Length: 2.048"
"12:26:56,8555173","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\acpi.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,8646135","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,8649406","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,8652135","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,8654966","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,8656972","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,8659043","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,8708007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\acpi.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:56,8712845","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\acpi.sys.mui","SUCCESS","Offset: 8.192, Length: 2.560"
"12:26:56,8826307","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\acpi.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,8865875","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,8869132","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,8871520","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,8874333","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,8876334","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,8878700","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,9108698","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,9112323","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,9115112","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,9117944","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,9120734","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,9123169","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,9317606","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,9321613","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,9324044","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:56,9327263","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:56,9329273","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:56,9331279","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:56,9333308","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:56,9348684","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,9352733","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,9355971","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,9359946","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,9362745","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,9365945","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,9370624","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:56,9375849","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:56,9392750","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:26:56,9414041","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,9419662","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 743.154, Length: 16.200"
"12:26:56,9441285","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,9445735","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\WMILIB.SYS","NO SUCH FILE","Filter: WMILIB.SYS"
"12:26:56,9448874","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:56,9464605","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,9468584","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\WMILIB.SYS","SUCCESS","Filter: WMILIB.SYS, 1: wmilib.sys"
"12:26:56,9472573","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:56,9498650","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,9503903","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:56,9505918","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:56,9512323","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,9515943","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:56,9519540","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:56,9546051","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,9549601","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:56,9551225","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:56,9557261","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,9560862","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:56,9564091","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:56,9577316","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:56,9580950","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:56,9582732","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,9584514","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:56,9586338","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,9588768","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,9591917","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,9593937","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,9595995","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,9609024","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 7.280, Length: 4.096"
"12:26:56,9614566","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:26:56,9631878","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 7.176, Length: 4.096"
"12:26:56,9649078","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,9688851","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 9.216, Length: 7.248"
"12:26:56,9694477","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 6.656, Length: 4.096"
"12:26:56,9699618","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 3.072, Length: 4.096"
"12:26:56,9704908","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 9.216, Length: 4.096"
"12:26:56,9708860","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 7.680, Length: 4.096"
"12:26:56,9716935","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,9735884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 9.216, Length: 4.096"
"12:26:56,9759997","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 1.024, Length: 4.096"
"12:26:56,9775634","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 9.216, Length: 4.096"
"12:26:56,9781284","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 13.312, Length: 3.152"
"12:26:56,9786508","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:26:56,9817867","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:56,9822256","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:56,9825055","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:56,9831087","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:56,9833452","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:56,9834236","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,9835859","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:56,9839442","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 4.096, Length: 5.120"
"12:26:56,9862319","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 10.603, Length: 4.096"
"12:26:56,9924093","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 7.280, Length: 4.096"
"12:26:56,9928096","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:56,9936563","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 7.280, Length: 4.096"
"12:26:57,0047501","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,0051079","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,0053486","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,0056323","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,0058665","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,0060717","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,0110283","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmilib.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,0267344","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,0270931","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,0273338","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,0276156","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,0278167","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,0280215","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,0496820","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,0500440","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,0502884","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,0506052","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,0508072","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,0510460","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,0652808","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,0656815","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,0659246","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:57,0661639","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:57,0663290","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:57,0665245","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:57,0667256","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:57,0702612","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:57,0707389","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:57,0724528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:57,0735369","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,0738975","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,0741373","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,0745119","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,0747942","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,0749322","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,0753078","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,0755723","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 88.026, Length: 16.200"
"12:26:57,0777004","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,0781791","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\msisadrv.sys","NO SUCH FILE","Filter: msisadrv.sys"
"12:26:57,0784944","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:57,0800633","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,0804617","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Filter: msisadrv.sys, 1: msisadrv.sys"
"12:26:57,0808614","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:57,0835895","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,0841162","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:57,0843173","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:57,0849536","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,0853165","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:57,0856393","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:57,0882499","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,0885727","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:57,0887677","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:57,0893704","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,0897301","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:57,0900515","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:57,0913414","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,0917351","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:57,0920560","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:57,0951555","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:57,0958403","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:57,0967686","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,0970956","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,0973382","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,0976526","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,0978542","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,0980604","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,0988879","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,1028989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 8.192, Length: 7.232"
"12:26:57,1034606","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 5.632, Length: 4.096"
"12:26:57,1037820","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 2.560, Length: 4.096"
"12:26:57,1046212","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:57,1049856","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 6.656, Length: 4.096"
"12:26:57,1057861","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,1068707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:57,1090758","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 12.288, Length: 3.136"
"12:26:57,1096370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:57,1144956","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,1150148","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:57,1171402","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 9.564, Length: 4.096"
"12:26:57,1203558","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,1206842","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,1209623","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,1212454","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,1214474","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,1216858","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,1233587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 1.240, Length: 4.096"
"12:26:57,1236017","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,1277335","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:57,1460320","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msisadrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,1462321","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,1465946","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,1468353","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,1471506","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,1473522","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,1475896","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,1686101","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,1689716","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,1692133","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,1694969","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,1696989","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,1699368","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,1903140","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,1906760","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,1912811","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,1916001","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,1918021","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,1920410","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,1941323","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,1945316","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,1947742","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:57,1949804","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:57,1951749","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:57,1953377","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:57,1955388","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:57,1988677","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:57,1993118","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:57,2010127","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:57,2036293","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,2042334","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.288.932, Length: 16.200"
"12:26:57,2063112","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,2067549","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\vdrvroot.sys","NO SUCH FILE","Filter: vdrvroot.sys"
"12:26:57,2070390","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:57,2085658","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,2089633","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Filter: vdrvroot.sys, 1: vdrvroot.sys"
"12:26:57,2093626","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:57,2118887","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,2124130","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:57,2126528","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:57,2132919","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,2136539","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:57,2139767","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:57,2165103","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,2168313","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:57,2170267","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:57,2176285","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,2179872","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:57,2183087","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:57,2195943","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,2199549","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:57,2202750","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:57,2228067","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:57,2235260","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:57,2266124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,2278560","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 34.682, Length: 1.750"
"12:26:57,2288212","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:26:57,2296661","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 34.682, Length: 1.750"
"12:26:57,2314290","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,2319095","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 29.184, Length: 7.248"
"12:26:57,2324343","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 19.456, Length: 4.096"
"12:26:57,2328775","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 8.704, Length: 4.096"
"12:26:57,2339621","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 29.184, Length: 4.096"
"12:26:57,2343614","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 21.504, Length: 4.096"
"12:26:57,2347990","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 25.600, Length: 4.096"
"12:26:57,2356816","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,2361625","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:57,2370083","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 29.184, Length: 4.096"
"12:26:57,2391314","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 33.280, Length: 3.152"
"12:26:57,2396921","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:57,2442325","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,2447517","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 4.096, Length: 25.088"
"12:26:57,2486391","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 30.571, Length: 4.096"
"12:26:57,2548972","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 3.168, Length: 4.096"
"12:26:57,2551052","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,2558264","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 10.240, Length: 4.096"
"12:26:57,2561810","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 3.168, Length: 4.096"
"12:26:57,2562328","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,2566270","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,2572810","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,2580465","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,2582863","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,2585284","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,2600837","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 29.184, Length: 4.096"
"12:26:57,2677861","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 5.120, Length: 4.096"
"12:26:57,2802580","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vdrvroot.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,3109793","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,3113805","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,3116553","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:57,3118615","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:57,3120584","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:57,3122230","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:57,3124246","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:57,3160315","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:57,3164756","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:57,3182208","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:26:57,3201470","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,3207068","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.575.374, Length: 16.200"
"12:26:57,3228326","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,3232795","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\vdrvroot.sys.mui","NO SUCH FILE","Filter: vdrvroot.sys.mui"
"12:26:57,3235972","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:26:57,3236891","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,3240507","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,3246576","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,3249753","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,3251777","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,3252029","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,3254170","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,3256032","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui","SUCCESS","Filter: vdrvroot.sys.mui, 1: vdrvroot.sys.mui"
"12:26:57,3260044","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:26:57,3286121","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,3291714","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:57,3293725","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:57,3300172","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,3304137","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:57,3307375","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:57,3334240","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,3337497","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:57,3339461","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:57,3345497","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,3349108","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:57,3352331","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:57,3365566","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,3369195","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:57,3372736","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:57,3477918","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui","SUCCESS","Offset: 4.096, Length: 512"
"12:26:57,3486301","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,3488633","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,3491903","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,3494287","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,3497096","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,3499097","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,3501154","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,3571344","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui","SUCCESS","Offset: 4.096, Length: 512"
"12:26:57,3584597","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,3594230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui","SUCCESS","Offset: 4.096, Length: 512"
"12:26:57,3721137","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,3724710","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,3727948","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,3731097","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,3733117","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,3735183","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,3747088","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,3954545","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,3958152","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,3960568","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,3963745","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,3965765","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,3968158","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,4041119","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4044715","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976072, endtime: 976072, seqnum: 0, connid: 0"
"12:26:57,4064756","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4066757","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4067625","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4068787","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4069626","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4071987","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4073209","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976072, endtime: 976072, seqnum: 0, connid: 0"
"12:26:57,4115371","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.834.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4118180","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.834.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4120134","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.834.599, Length: 1.460"
"12:26:57,4123003","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.836.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4159866","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.836.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4162651","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.836.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4164284","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.836.059, Length: 8.760"
"12:26:57,4167843","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.844.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4224999","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,4228978","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,4231455","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,4234651","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,4237025","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,4239456","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,4259254","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,4262935","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,4265351","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:57,4267735","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:57,4269694","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:57,4271327","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:57,4273342","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:57,4308638","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:57,4313415","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:57,4332247","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:26:57,4363815","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,4369842","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.397.660, Length: 16.200"
"12:26:57,4390765","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,4395533","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\pci.sys","NO SUCH FILE","Filter: pci.sys"
"12:26:57,4398378","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:57,4417631","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,4421619","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\pci.sys","SUCCESS","Filter: pci.sys, 1: pci.sys"
"12:26:57,4442672","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4445509","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4446745","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:57,4447781","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:57,4448704","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 976072, endtime: 976072, seqnum: 0, connid: 0"
"12:26:57,4468754","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4470387","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4471241","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4472398","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4473233","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4474726","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,4475229","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:57,4476116","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,4476442","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 976072, endtime: 976072, seqnum: 0, connid: 0"
"12:26:57,4480324","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:57,4482092","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,4482679","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:57,4485236","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,4488469","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,4489164","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,4490503","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,4492896","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,4493129","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:57,4496730","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:57,4509023","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.844.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4511817","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.847.488, EndOfFile: 406.844.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4515885","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.844.819, Length: 3.472, Priority: Normal"
"12:26:57,4523671","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,4532502","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:57,4534139","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:57,4535888","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","END OF FILE","Offset: 406.847.488, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:57,4540343","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.848.291, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4540558","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,4544178","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:57,4547411","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:57,4560986","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,4564620","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:57,4567834","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:57,4590315","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.848.291, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4593133","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.848.291, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4594775","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.848.291, Length: 8.208"
"12:26:57,4597993","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.856.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4598371","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 163.232, Length: 4.096"
"12:26:57,4601954","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 159.744, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:57,4617199","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:26:57,4630756","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:57,4635533","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:57,4636079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 159.844, Length: 4.096"
"12:26:57,4637926","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:57,4640795","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:57,4644387","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:57,4655970","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,4698160","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 177.664, Length: 7.040"
"12:26:57,4701743","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 176.128, Length: 8.576, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:57,4716909","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 162.816, Length: 4.096"
"12:26:57,4720940","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 166.912, Length: 4.096"
"12:26:57,4724149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 167.936, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:57,4731683","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,4734986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 164.864, Length: 4.096"
"12:26:57,4735308","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,4737734","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,4738564","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 50.688, Length: 4.096"
"12:26:57,4742893","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,4745636","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,4748071","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,4776920","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 177.664, Length: 4.096"
"12:26:57,4780941","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 168.960, Length: 4.096"
"12:26:57,4783735","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 172.032, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:57,4804158","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4807289","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4808534","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:57,4810172","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 976073, endtime: 976073, seqnum: 0, connid: 0"
"12:26:57,4814006","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,4832564","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4834201","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4835059","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4835470","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 177.664, Length: 4.096"
"12:26:57,4836216","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4837061","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,4839057","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:57,4840266","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 976073, endtime: 976073, seqnum: 0, connid: 0"
"12:26:57,4858786","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 181.760, Length: 2.944"
"12:26:57,4864743","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:26:57,4876751","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.856.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4879890","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.856.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4881523","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.856.499, Length: 3.472"
"12:26:57,4884359","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.859.971, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4912564","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,4917779","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 4.096, Length: 57.736"
"12:26:57,4920965","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 61.832, Length: 61.440"
"12:26:57,4921735","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.859.971, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4928108","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.859.971, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4928173","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 123.272, Length: 54.392"
"12:26:57,4930141","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.859.971, Length: 8.208"
"12:26:57,4933001","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.868.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,4971002","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,4974604","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,4977001","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,4979833","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,4981839","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,4984218","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,5124084","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 179.051, Length: 4.096"
"12:26:57,5141429","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5143845","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5145081","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:26:57,5147031","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 976073, endtime: 976073, seqnum: 0, connid: 0"
"12:26:57,5162720","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5164670","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5165523","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5166685","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5167529","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:26:57,5169083","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 6748, startime: 976073, endtime: 976073, seqnum: 0, connid: 0"
"12:26:57,5204397","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,5207672","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,5209295","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 163.232, Length: 4.096"
"12:26:57,5210438","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,5213270","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,5213382","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,5216064","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,5218126","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,5221401","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 59.392, Length: 4.096"
"12:26:57,5227451","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 163.232, Length: 4.096"
"12:26:57,5228081","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.868.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5230959","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.868.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5233049","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,5237789","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.868.179, Length: 3.472"
"12:26:57,5238302","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:57,5240597","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.871.651, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5246746","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:57,5251980","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:57,5257191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:57,5258646","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.871.651, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5261072","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.871.651, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5262411","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:57,5262984","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.871.651, Length: 6.748"
"12:26:57,5265485","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.878.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5271293","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:57,5277684","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:57,5282946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:57,5288166","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:57,5293368","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:57,5298569","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:57,5303775","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:57,5308986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:57,5314197","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:57,5319398","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:57,5324278","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:57,5331476","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:57,5336705","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:57,5341902","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:57,5347108","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:57,5352319","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:57,5357530","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:57,5362722","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:57,5367602","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:57,5372794","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:57,5377991","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:57,5383192","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:57,5388394","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:57,5393278","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:57,5398475","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:57,5404059","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:57,5409265","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:57,5414140","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:57,5419332","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:57,5425322","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:57,5431727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:57,5436765","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,5436938","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:57,5440040","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,5441827","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:57,5443212","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,5446062","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,5447387","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:57,5448400","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,5450466","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,5452607","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:57,5457795","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:57,5462688","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:57,5464470","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5467274","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5467876","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:57,5469285","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976073, endtime: 976073, seqnum: 0, connid: 0"
"12:26:57,5473082","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:57,5478279","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 184.320, Length: 384"
"12:26:57,5489797","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5492516","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5493090","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 163.232, Length: 4.096"
"12:26:57,5493753","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5494942","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5495796","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5497555","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,5498189","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5499803","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976073, endtime: 976073, seqnum: 0, connid: 0"
"12:26:57,5501991","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:57,5506400","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:57,5511158","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:57,5515576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:57,5525433","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:57,5531087","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:57,5532701","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.878.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5535481","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.878.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5535906","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:57,5537142","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.878.399, Length: 2.920"
"12:26:57,5539960","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.881.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5540687","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:57,5551146","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:57,5555928","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:57,5560341","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:57,5564749","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:57,5568841","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:57,5573240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:57,5581604","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:57,5586036","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:57,5590444","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:57,5594839","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:57,5598925","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:57,5606930","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:57,5611679","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:57,5615775","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:57,5620174","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:26:57,5626570","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:26:57,5635802","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:57,5640252","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:26:57,5649060","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:26:57,5653874","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:26:57,5661235","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.881.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5662299","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:26:57,5667090","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:26:57,5668835","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.881.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5670822","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.881.319, Length: 2.920"
"12:26:57,5673602","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.884.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5676359","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:26:57,5681113","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:26:57,5684463","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.884.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5686450","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.884.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5687705","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.884.239, Length: 5.840"
"12:26:57,5688750","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:26:57,5690513","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.890.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5693191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:26:57,5697604","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:26:57,5702008","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:26:57,5706411","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:26:57,5710829","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:26:57,5712700","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,5715238","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:26:57,5716660","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,5719081","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,5719655","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:26:57,5721946","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,5724073","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:26:57,5724288","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,5731924","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,5733720","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:26:57,5738479","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:26:57,5745770","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:26:57,5750496","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 184.320, Length: 384"
"12:26:57,5768185","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 163.232, Length: 4.096"
"12:26:57,5777357","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 177.664, Length: 4.096"
"12:26:57,5846165","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5848964","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5850201","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5852155","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976074, endtime: 976074, seqnum: 0, connid: 0"
"12:26:57,5870885","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5872901","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5873619","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 171.008, Length: 4.096"
"12:26:57,5874445","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5875303","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,5877649","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976074, endtime: 976074, seqnum: 0, connid: 0"
"12:26:57,5885207","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 2920, seqnum: 0, connid: 0"
"12:26:57,5994270","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.890.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5997087","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.890.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,5999037","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.890.079, Length: 11.680"
"12:26:57,6002387","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,6003040","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.901.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,6035131","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,6039138","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,6041550","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,6044708","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,6046728","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,6049107","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,6169632","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,6172459","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,6174465","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976074, endtime: 976074, seqnum: 0, connid: 0"
"12:26:57,6189243","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,6190886","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,6192066","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,6192919","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:57,6194482","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976074, endtime: 976074, seqnum: 0, connid: 0"
"12:26:57,6231742","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.901.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,6235334","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.901.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,6237778","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.901.759, Length: 2.920"
"12:26:57,6241016","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.904.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,6275779","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.904.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,6278574","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.904.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,6280523","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.904.679, Length: 5.840"
"12:26:57,6283738","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.910.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:57,6306358","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,6310804","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,6314373","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:57,6317223","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:57,6319658","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:57,6321039","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,6322023","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:57,6324416","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:57,6327127","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,6330276","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,6333126","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,6335146","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,6337520","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,6359362","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\pci.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:57,6363775","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\pci.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:57,6377024","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\pci.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:26:57,6401314","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\pci.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,6407328","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.226.452, Length: 16.200"
"12:26:57,6432560","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,6437020","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\pci.sys.mui","NO SUCH FILE","Filter: pci.sys.mui"
"12:26:57,6439861","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:26:57,6455899","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,6459869","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\pci.sys.mui","SUCCESS","Filter: pci.sys.mui, 1: pci.sys.mui"
"12:26:57,6463527","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:26:57,6489609","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,6495188","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:57,6497199","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:57,6503585","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,6507205","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:57,6510419","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:57,6538064","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,6541316","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:57,6542939","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:57,6549311","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,6552927","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:57,6556141","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:57,6569366","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,6572982","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:57,6576261","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:57,6622627","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,6626657","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,6629377","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,6632250","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,6634280","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,6636664","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,6688543","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\pci.sys.mui","SUCCESS","Offset: 6.656, Length: 1.536"
"12:26:57,6697411","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\pci.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,6786023","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\pci.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:57,6808158","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\pci.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,6821449","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\pci.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:57,6889390","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,6893033","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,6895459","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,6898641","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,6899191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\pci.sys.mui","SUCCESS","Offset: 2.560, Length: 4.096"
"12:26:57,6900982","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,6903054","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,7010713","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\pci.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,7155495","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,7160459","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,7164079","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,7168819","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,7171683","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,7175238","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,7408287","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,7412224","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,7414641","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,7417486","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,7419516","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,7421895","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,7541762","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,7545769","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,7548181","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:57,7550570","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:57,7552515","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:57,7554148","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:57,7556163","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:57,7593917","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:57,7598722","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:57,7616407","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:57,7642475","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,7643230","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,7646062","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,7648138","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.196.482, Length: 16.200"
"12:26:57,7648437","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,7650890","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,7652878","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,7655238","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,7668580","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,7673030","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\partmgr.sys","NO SUCH FILE","Filter: partmgr.sys"
"12:26:57,7676179","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:57,7692227","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,7695889","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Filter: partmgr.sys, 1: partmgr.sys"
"12:26:57,7699864","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:57,7728325","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,7734795","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:57,7736824","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:57,7744368","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,7748823","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:57,7752830","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:57,7780088","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,7783316","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:57,7784934","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:57,7790976","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,7794596","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:57,7798141","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:57,7811044","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,7814660","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:57,7817846","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:57,7845099","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 60.012, Length: 4.096"
"12:26:57,7850333","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:57,7864921","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,7868177","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,7870584","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,7873397","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,7875417","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,7877796","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,7880408","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,7921386","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 68.096, Length: 7.024"
"12:26:57,7928980","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 61.952, Length: 4.096"
"12:26:57,7934966","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 25.088, Length: 4.096"
"12:26:57,7966249","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 68.096, Length: 4.096"
"12:26:57,7971492","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:57,7982716","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,7987517","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 59.904, Length: 4.096"
"12:26:57,8004012","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 68.096, Length: 4.096"
"12:26:57,8028018","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 72.192, Length: 2.928"
"12:26:57,8034517","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:57,8081843","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,8087077","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 4.096, Length: 57.744"
"12:26:57,8087926","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,8090249","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 61.840, Length: 6.256"
"12:26:57,8091551","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,8093972","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,8096799","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,8099146","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,8101217","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,8170501","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 69.467, Length: 4.096"
"12:26:57,8247917","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 60.012, Length: 4.096"
"12:26:57,8251565","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,8261963","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 29.184, Length: 4.096"
"12:26:57,8266731","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 60.012, Length: 4.096"
"12:26:57,8272380","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,8279233","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:57,8287206","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:57,8294012","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:57,8305609","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:57,8314832","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:57,8321241","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:57,8328066","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:57,8333734","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:57,8339276","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:57,8344170","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:57,8349381","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:57,8356840","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:57,8360749","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,8364495","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:57,8364761","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,8370117","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:57,8375360","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:57,8380034","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,8380585","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:57,8383622","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,8385791","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:57,8385996","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,8388413","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,8391007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 73.728, Length: 1.392"
"12:26:57,8407465","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 60.012, Length: 4.096"
"12:26:57,8411845","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,8416282","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:57,8420695","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:57,8426302","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:57,8431098","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:57,8435506","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:57,8439910","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:57,8444304","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:57,8448405","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:57,8452813","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:57,8457217","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:57,8461616","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:57,8466015","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:57,8470423","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:57,8474823","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:57,8479222","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:57,8483304","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:57,8487693","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:57,8492097","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 73.728, Length: 1.392"
"12:26:57,8510127","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 60.012, Length: 4.096"
"12:26:57,8518524","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 68.096, Length: 4.096"
"12:26:57,8534241","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,8542633","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:57,8545866","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:57,8564283","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:57,8587977","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 67.584, Length: 4.096"
"12:26:57,8599080","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,8602354","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,8604771","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,8607920","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,8609930","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,8611992","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,8617441","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,8629845","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: ANCI"
"12:26:57,8633059","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:57,8640738","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,8646327","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:57,8650376","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:57,8665201","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,8669992","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:57,8673556","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:57,8686842","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,8691265","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:57,8694465","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:57,8701481","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\partmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:57,8708115","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,8712542","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:57,8715728","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:57,8745043","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,8749862","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: ANCI"
"12:26:57,8751816","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:57,8783958","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,8789939","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: DNCI"
"12:26:57,8792724","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:57,8821642","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,8830874","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:57,8838049","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,8838786","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:57,8842075","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,8844505","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,8847351","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,8849371","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,8851755","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,8869673","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,8874874","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:57,8876862","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:57,8899734","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,8904133","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:57,8905771","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:57,8930187","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,8934241","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:57,8935869","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:57,8957897","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,8961923","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:57,8963547","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:57,8985976","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,8986578","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,8990006","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:57,8990562","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,8991956","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:57,8993347","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:57,8995749","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:57,8997400","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:57,8999360","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:57,9001375","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:57,9013649","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9017665","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:57,9019284","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:57,9040589","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9043141","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\partmgr.sys.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Synchronous"
"12:26:57,9044955","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:57,9046579","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:57,9047890","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\partmgr.sys.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:57,9052550","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9056963","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:57,9063420","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9069018","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:57,9071024","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:57,9079542","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\partmgr.sys.mui","SUCCESS","Offset: 184, Length: 2.376"
"12:26:57,9085102","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9091092","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:57,9093537","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:57,9097969","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\partmgr.sys.mui","SUCCESS","Offset: 0, Length: 2.560"
"12:26:57,9102620","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:26:57,9103562","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 72.798, Length: 16.200"
"12:26:57,9105810","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7300000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:26:57,9108619","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:57,9120645","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9123654","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,9127512","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:57,9129644","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\partmgr.sys.mui","NO SUCH FILE","Filter: partmgr.sys.mui"
"12:26:57,9130726","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:57,9132504","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:26:57,9149186","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:57,9150123","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,9154121","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\partmgr.sys.mui","SUCCESS","Filter: partmgr.sys.mui, 1: partmgr.sys.mui"
"12:26:57,9158119","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:26:57,9185041","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,9189808","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9190662","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:57,9192668","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:57,9195486","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: ANCI"
"12:26:57,9197856","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:57,9200706","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,9204657","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9204713","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:57,9208333","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:57,9209504","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:57,9213516","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:57,9230767","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9236346","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:57,9237172","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,9240368","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:57,9240783","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:57,9242775","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:57,9249180","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,9252819","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:57,9255216","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9256065","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:57,9259657","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:57,9262862","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:57,9269724","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:57,9273666","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:57,9276890","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:57,9286313","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9290745","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:57,9294304","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:57,9314970","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,9318385","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9318572","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,9321002","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,9322836","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: ANCI"
"12:26:57,9324193","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,9327594","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:57,9332646","dgnsvc.exe","1612","RegQueryKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:26:57,9335006","dgnsvc.exe","1612","RegOpenKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Acoustic Optimization","SUCCESS","Desired Access: Read/Write"
"12:26:57,9337861","dgnsvc.exe","1612","RegQueryValue","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Acoustic Optimization\HostThreadId","NAME NOT FOUND","Length: 144"
"12:26:57,9340269","dgnsvc.exe","1612","RegCloseKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Acoustic Optimization","SUCCESS",""
"12:26:57,9342760","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,9343455","dgnsvc.exe","1612","RegQueryKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:26:57,9345475","dgnsvc.exe","1612","RegOpenKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Language Model Optimization","SUCCESS","Desired Access: Read/Write"
"12:26:57,9346748","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,9348260","dgnsvc.exe","1612","RegQueryValue","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Language Model Optimization\HostThreadId","NAME NOT FOUND","Length: 144"
"12:26:57,9350275","dgnsvc.exe","1612","RegCloseKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Language Model Optimization","SUCCESS",""
"12:26:57,9352295","dgnsvc.exe","1612","RegQueryKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:26:57,9353914","dgnsvc.exe","1612","RegOpenKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Data Collection","SUCCESS","Desired Access: Read/Write"
"12:26:57,9356256","dgnsvc.exe","1612","RegQueryValue","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Data Collection\HostThreadId","NAME NOT FOUND","Length: 144"
"12:26:57,9356941","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9357921","dgnsvc.exe","1612","RegCloseKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Data Collection","SUCCESS",""
"12:26:57,9362535","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: DNCI"
"12:26:57,9364186","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:57,9386196","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9390231","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:57,9391864","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:57,9414321","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9418678","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:57,9420301","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:57,9453096","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9458288","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:57,9460280","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:57,9483167","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9487216","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:57,9489171","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:57,9510485","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9514847","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:57,9516480","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:57,9544512","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9549746","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:57,9551766","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:57,9575842","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9580250","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:57,9582214","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:57,9604326","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9608702","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:57,9610335","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:57,9616320","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9620761","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:57,9627954","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9633571","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:57,9635572","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:57,9649647","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9655646","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:57,9658090","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:57,9667094","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:26:57,9670784","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7300000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:26:57,9674791","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:57,9698830","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:26:57,9739397","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9744985","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: ANCI"
"12:26:57,9746982","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:57,9753382","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9757865","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:57,9762227","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:57,9775858","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9780285","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:57,9783518","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:57,9796361","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9800746","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:57,9803932","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:57,9809969","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:57,9813542","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:57,9815959","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:57,9817162","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9818795","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:57,9821160","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:57,9821589","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:57,9831652","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:57,9839610","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:57,9872960","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9878152","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: ANCI"
"12:26:57,9880154","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:57,9904225","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9912249","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: DNCI"
"12:26:57,9914264","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:57,9941540","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9946383","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:57,9948365","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:57,9971256","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:57,9975656","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:57,9977293","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:57,9999694","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0004107","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:58,0005787","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:58,0033030","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0038619","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:58,0040672","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:58,0046890","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,0050151","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,0052544","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,0055362","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,0057363","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,0059733","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,0063479","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0067537","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:58,0069165","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:58,0094809","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0098853","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:58,0100803","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:58,0122132","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0134056","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:58,0136841","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:58,0149837","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,0153826","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,0156639","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:58,0158687","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:58,0160641","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:58,0162274","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:58,0164299","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:58,0164481","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0169300","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:58,0170937","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:58,0176941","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0181387","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,0188202","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0193800","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:58,0195811","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,0198782","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:58,0203233","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:58,0210636","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0216225","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:58,0219873","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:58,0220358","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:26:58,0222308","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:58,0233835","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,0236653","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:26:58,0241066","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:58,0242377","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,0249622","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.373.684, Length: 16.200"
"12:26:58,0273656","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,0279272","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\compbatt.sys","NO SUCH FILE","Filter: compbatt.sys"
"12:26:58,0282953","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:58,0303348","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,0308205","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Filter: compbatt.sys, 1: compbatt.sys"
"12:26:58,0313387","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:58,0320259","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,0329318","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,0333316","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,0336988","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,0339344","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,0341415","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,0346346","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,0352294","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:58,0354300","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:58,0360737","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,0364357","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:58,0367613","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:58,0394461","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,0397698","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:58,0399643","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:58,0405671","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,0410060","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:58,0414142","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:58,0431715","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,0435209","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:58,0436543","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:58,0440588","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:58,0467468","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 11.976, Length: 4.096"
"12:26:58,0472693","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:26:58,0474643","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0479457","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: DNCI"
"12:26:58,0481444","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:58,0487476","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0489141","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 11.784, Length: 4.096"
"12:26:58,0491931","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:58,0495915","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,0505968","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,0509565","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0513978","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:58,0517547","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:58,0530856","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0535260","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:58,0538432","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:58,0548102","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 14.336, Length: 7.248"
"12:26:58,0549698","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,0551694","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0553290","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,0553724","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 11.776, Length: 4.096"
"12:26:58,0555711","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,0556098","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:58,0557306","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 5.120, Length: 4.096"
"12:26:58,0558543","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,0559289","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:58,0560567","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,0562946","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,0571772","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 14.336, Length: 4.096"
"12:26:58,0576200","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 13.312, Length: 4.096"
"12:26:58,0581732","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0584601","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,0585749","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: DNCI"
"12:26:58,0587377","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:58,0595424","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 14.336, Length: 4.096"
"12:26:58,0608234","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0612260","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: DNCI"
"12:26:58,0613865","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:58,0616281","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 18.432, Length: 3.152"
"12:26:58,0621898","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:26:58,0635146","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0639154","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:58,0640777","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:58,0663211","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0667256","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:58,0668072","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,0669210","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:58,0673297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 4.096, Length: 10.240"
"12:26:58,0690501","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0694509","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:58,0696123","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:58,0699715","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 15.723, Length: 4.096"
"12:26:58,0717750","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0721766","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:58,0723380","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:58,0745880","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0749887","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:58,0751506","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:58,0772316","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0775983","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:58,0777597","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:58,0782640","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 11.976, Length: 4.096"
"12:26:58,0785896","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,0794293","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 6.144, Length: 4.096"
"12:26:58,0797484","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 11.976, Length: 4.096"
"12:26:58,0800395","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0804383","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:58,0806025","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:58,0807560","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,0811166","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,0813578","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,0816386","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,0818747","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,0820086","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,0821140","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,0825721","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,0827718","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0828935","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:26:58,0831730","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:58,0832532","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,0833358","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:58,0835373","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,0838195","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,0839310","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0840966","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:26:58,0843719","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,0844236","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:26:58,0852181","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0857009","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,0858147","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:58,0859440","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,0860177","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,0862239","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:26:58,0865882","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:26:58,0873794","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0879019","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:26:58,0881440","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:26:58,0889501","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:26:58,0896382","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:26:58,0902003","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:26:58,0905572","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:58,0925142","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,0932358","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:26:58,0935223","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:26:58,0952045","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:58,0965685","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:58,0978901","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\compbatt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,1001298","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1006112","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:58,1008109","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:58,1012596","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,1016193","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,1017350","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1018614","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,1021432","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,1022173","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:58,1023778","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,1027333","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,1031434","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,1046683","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1054245","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:58,1059134","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:58,1078359","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1084344","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:58,1088743","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:58,1106032","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1111625","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:58,1115641","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:58,1145381","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1147494","sua.exe","2440","CreateFile","C:\Program Files (x86)\Secunia\PSI\SUA","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1152145","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:58,1154319","sua.exe","2440","QuerySecurityFile","C:\Program Files (x86)\Secunia\PSI\SUA","BUFFER OVERFLOW","Information: DACL"
"12:26:58,1156218","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:58,1156754","sua.exe","2440","QuerySecurityFile","C:\Program Files (x86)\Secunia\PSI\SUA","SUCCESS","Information: DACL"
"12:26:58,1158793","sua.exe","2440","CloseFile","C:\Program Files (x86)\Secunia\PSI\SUA","SUCCESS",""
"12:26:58,1185626","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1190435","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:58,1192096","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:58,1200964","lsass.exe","780","RegOpenKey","HKLM\SAM\SAM\DOMAINS\Builtin\Groups\00000220","NAME NOT FOUND","Desired Access: Read/Write"
"12:26:58,1204999","lsass.exe","780","RegOpenKey","HKLM\SAM\SAM\DOMAINS\Builtin\Aliases\00000220","SUCCESS","Desired Access: Read/Write"
"12:26:58,1209739","lsass.exe","780","RegQueryValue","HKLM\SAM\SAM\DOMAINS\Builtin\Aliases\00000220\C","SUCCESS","Type: REG_BINARY, Length: 464, Data: 20 02 00 00 00 00 00 00 98 00 00 00 02 00 01 00"
"12:26:58,1212589","lsass.exe","780","RegCloseKey","HKLM\SAM\SAM\DOMAINS\Builtin\Aliases\00000220","SUCCESS",""
"12:26:58,1215290","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1219349","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:58,1220982","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:58,1256221","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1259174","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,1263928","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,1266508","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:58,1267552","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,1270547","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:58,1280391","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,1283969","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,1286768","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,1305857","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1308082","sua.exe","2440","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,1311697","sua.exe","2440","RegCreateKey","HKLM\SOFTWARE\Wow6432Node\Secunia\sua","SUCCESS","Desired Access: Read/Write"
"12:26:58,1312262","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:58,1315065","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:58,1317711","sua.exe","2440","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Secunia\sua","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:58,1320570","sua.exe","2440","RegDeleteValue","HKLM\SOFTWARE\Wow6432Node\Secunia\sua\Directory Error","NAME NOT FOUND",""
"12:26:58,1328575","sua.exe","2440","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Secunia\sua","SUCCESS",""
"12:26:58,1349167","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1355567","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:58,1358375","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:58,1358986","sua.exe","2440","CreateFile","C:\Program Files (x86)\Secunia\PSI\SUA","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1365494","sua.exe","2440","QueryBasicInformationFile","C:\Program Files (x86)\Secunia\PSI\SUA","SUCCESS","CreationTime: 15.06.2013 07:14:17, LastAccessTime: 28.07.2013 15:12:12, LastWriteTime: 28.07.2013 15:12:12, ChangeTime: 28.07.2013 15:12:12, FileAttributes: DNCI"
"12:26:58,1368246","sua.exe","2440","CloseFile","C:\Program Files (x86)\Secunia\PSI\SUA","SUCCESS",""
"12:26:58,1387121","sua.exe","2440","CreateFile","C:\Program Files (x86)\Secunia\PSI\SUA","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1396269","sua.exe","2440","QueryDirectory","C:\Program Files (x86)\Secunia\PSI\SUA\*","SUCCESS","Filter: *, 1: ."
"12:26:58,1396526","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1401475","sua.exe","2440","QueryDirectory","C:\Program Files (x86)\Secunia\PSI\SUA","SUCCESS","0: .."
"12:26:58,1402903","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:58,1404708","sua.exe","2440","QueryDirectory","C:\Program Files (x86)\Secunia\PSI\SUA","NO MORE FILES",""
"12:26:58,1405991","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:58,1407101","sua.exe","2440","CloseFile","C:\Program Files (x86)\Secunia\PSI\SUA","SUCCESS",""
"12:26:58,1413954","sua.exe","2440","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,1417126","sua.exe","2440","RegCreateKey","HKLM\SOFTWARE\Wow6432Node\Secunia\sua","SUCCESS","Desired Access: Read/Write"
"12:26:58,1422748","sua.exe","2440","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Secunia\sua","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:58,1425155","sua.exe","2440","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Secunia\sua","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:26:58,1427156","sua.exe","2440","RegSetValue","HKLM\SOFTWARE\Wow6432Node\Secunia\sua\Check","SUCCESS","Type: REG_SZ, Length: 40, Data: 2013-10-06 10:26:58"
"12:26:58,1451325","sua.exe","2440","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Secunia\sua","SUCCESS",""
"12:26:58,1456522","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1462582","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:58,1465353","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:58,1481816","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,1485823","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,1489033","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,1493031","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,1495876","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,1499048","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,1499104","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1504726","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:58,1506690","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:58,1513477","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1517923","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,1527920","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1534418","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:58,1536779","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,1555229","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1561256","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:26:58,1563691","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:26:58,1573474","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:26:58,1578741","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:58,1598604","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,1600391","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:26:58,1603395","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,1605807","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:58,1608163","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:58,1609781","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:58,1611848","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:58,1613854","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:58,1655909","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:58,1663965","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:58,1678833","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:26:58,1693126","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:58,1702442","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,1704738","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,1706048","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,1708479","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,1710751","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.701.896, Length: 16.200"
"12:26:58,1711334","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,1713344","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,1715728","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,1717221","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1722003","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: DNCI"
"12:26:58,1723673","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:58,1732051","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1732802","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,1736879","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:58,1737607","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\BATTC.SYS","NO SUCH FILE","Filter: BATTC.SYS"
"12:26:58,1740793","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:58,1740896","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,1756099","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1760508","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,1761324","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:58,1764911","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:58,1765690","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\BATTC.SYS","SUCCESS","Filter: BATTC.SYS, 1: battc.sys"
"12:26:58,1770118","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:58,1778179","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1782601","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:58,1785806","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:58,1797748","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,1799829","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1803020","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:58,1804265","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:58,1805376","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:58,1807475","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:58,1811804","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,1815438","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:58,1819007","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:58,1833599","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:58,1850370","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,1853966","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:58,1855926","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:58,1856793","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1860852","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: DNCI"
"12:26:58,1862363","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,1862825","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:58,1866002","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:58,1869575","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:58,1883645","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,1884886","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1887615","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:58,1888935","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:58,1890862","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:58,1890894","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:58,1915236","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1919384","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 12.400, Length: 4.096"
"12:26:58,1922061","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:58,1924846","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:58,1926563","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:26:58,1944990","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 12.296, Length: 4.096"
"12:26:58,1947332","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,1950933","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,1953368","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,1956550","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,1956923","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1958583","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,1960991","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,1962124","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:58,1962255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,1964140","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:58,1989004","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,1994224","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:58,1996641","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:58,2008438","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 20.992, Length: 7.248"
"12:26:58,2014853","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 11.776, Length: 4.096"
"12:26:58,2021552","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2022037","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 4.608, Length: 4.096"
"12:26:58,2026762","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:58,2029156","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:58,2034077","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 20.992, Length: 4.096"
"12:26:58,2038094","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 13.824, Length: 4.096"
"12:26:58,2047335","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,2052023","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2056068","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:58,2058009","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:58,2063019","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 20.992, Length: 4.096"
"12:26:58,2079267","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2083284","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:58,2083867","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 6.656, Length: 4.096"
"12:26:58,2084921","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:58,2098725","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 20.992, Length: 4.096"
"12:26:58,2104351","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 25.088, Length: 3.152"
"12:26:58,2105820","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2109911","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:26:58,2110159","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:58,2111815","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:58,2117781","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2122190","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,2130633","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2137472","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:58,2139488","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,2152475","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,2154747","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:26:58,2157686","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 4.096, Length: 16.896"
"12:26:58,2190163","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 22.379, Length: 4.096"
"12:26:58,2201294","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,2204919","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,2207662","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,2210498","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,2212523","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,2214911","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,2239458","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:26:58,2242673","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:26:58,2251079","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,2253113","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,2253575","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 12.400, Length: 4.096"
"12:26:58,2255492","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:26:58,2256001","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,2263973","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:58,2264402","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 5.632, Length: 4.096"
"12:26:58,2266753","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:58,2267640","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 12.400, Length: 4.096"
"12:26:58,2269193","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:26:58,2290773","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:58,2303299","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 20.992, Length: 4.096"
"12:26:58,2336173","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2344146","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: ANCI"
"12:26:58,2346959","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:58,2354567","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2359410","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:58,2363412","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,2375910","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 15.872, Length: 4.096"
"12:26:58,2377874","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2380374","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 19.968, Length: 4.096"
"12:26:58,2382301","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:58,2385851","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:58,2398750","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2403135","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:58,2406353","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:58,2419607","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2425214","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:58,2429226","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:58,2432417","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,2437222","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,2440464","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,2444084","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,2446440","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,2448488","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,2461844","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2467110","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, FileAttributes: ANCI"
"12:26:58,2469112","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:58,2492357","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2496766","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: DNCI"
"12:26:58,2498399","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:58,2501524","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\battc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,2520884","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2528856","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:58,2531296","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:58,2559370","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2563797","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:58,2565430","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:58,2590705","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2595878","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:58,2598314","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:58,2628211","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2637448","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:58,2640658","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:58,2675151","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2681164","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:58,2683977","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:58,2689556","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,2694011","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,2697589","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,2701993","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,2704815","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,2708076","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,2715680","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2720863","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:58,2722510","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:58,2747771","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2752151","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:58,2753789","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:58,2776297","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2780678","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:58,2782660","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:58,2788659","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2793068","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,2801138","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2807539","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:58,2810352","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,2817009","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,2821025","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,2823446","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:58,2826609","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:58,2828377","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2828597","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:58,2830234","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:58,2832259","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:58,2837264","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:58,2841281","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:26:58,2844042","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:58,2852365","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:26:58,2856316","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:26:58,2859978","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:58,2862380","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:55, LastWriteTime: 06.10.2013 12:26:55, ChangeTime: 06.10.2013 12:26:55, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:58,2866378","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\battc.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:58,2871160","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\battc.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:58,2888262","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\battc.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:26:58,2896486","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:58,2907122","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\battc.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,2912385","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.993.470, Length: 16.200"
"12:26:58,2920852","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,2925633","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,2928889","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,2932892","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,2933629","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,2937030","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,2938401","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\BATTC.SYS.mui","NO SUCH FILE","Filter: BATTC.SYS.mui"
"12:26:58,2941256","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:26:58,2941494","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,2946565","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2952158","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: ANCI"
"12:26:58,2954174","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:58,2958069","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,2961731","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2962081","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\BATTC.SYS.mui","SUCCESS","Filter: BATTC.SYS.mui, 1: battc.sys.mui"
"12:26:58,2965734","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:26:58,2966214","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:58,2970585","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,2985443","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,2990220","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:58,2993803","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,2993835","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:58,2999396","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:58,3001416","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:58,3007509","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3007872","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,3011833","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:58,3011931","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:58,3015108","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:58,3015509","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:58,3033553","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3039580","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:58,3043588","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,3045192","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:58,3047170","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:58,3049125","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:58,3055218","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,3058838","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:58,3062397","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:58,3075300","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3076471","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,3080455","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:58,3080516","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: ANCI"
"12:26:58,3082904","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:26:58,3083688","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:58,3107843","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3112219","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: DNCI"
"12:26:58,3113857","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:58,3137863","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3141907","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:58,3143535","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:58,3164481","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,3165209","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3168069","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,3169561","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:58,3170494","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,3171194","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:58,3173326","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,3175355","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,3177725","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,3190787","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\battc.sys.mui","SUCCESS","Offset: 6.656, Length: 3.072"
"12:26:58,3194458","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3200052","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\battc.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,3200084","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:58,3202501","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:58,3226997","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3231802","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:58,3233742","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:58,3254604","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3258290","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:58,3260221","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:58,3281106","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3284764","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:58,3286378","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:58,3310020","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3314839","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:58,3316467","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:58,3343333","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3348917","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:58,3351655","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\battc.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:58,3352807","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:58,3363639","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3370040","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,3377658","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3384487","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:58,3385966","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,3386857","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,3389591","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,3392390","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,3395231","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,3397241","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,3399616","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,3404192","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3412179","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:58,3416153","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:26:58,3418598","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:26:58,3434515","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:26:58,3439334","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: ANCI"
"12:26:58,3453800","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:26:58,3499232","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\battc.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,3567299","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:58,3596969","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3603047","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: DNCI"
"12:26:58,3605869","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:58,3614224","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3619883","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:26:58,3625131","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,3641967","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3647575","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:26:58,3651960","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:58,3668446","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3674044","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:26:58,3678042","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:58,3695666","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3698087","csrss.exe","720","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\SideBySide\PublisherPolicyChangeTime","SUCCESS","Type: REG_QWORD, Length: 8, Data: "
"12:26:58,3700867","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:26:58,3704884","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:58,3738243","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:26:58,3767120","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3772718","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: DNCI"
"12:26:58,3775172","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:58,3803241","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3808400","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:26:58,3810486","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:26:58,3840510","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3846140","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:58,3848599","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:26:58,3875446","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3880671","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:26:58,3883040","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:26:58,3912299","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3919563","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:26:58,3922413","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:26:58,3951690","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3957321","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:26:58,3960083","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:26:58,3989365","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,3994986","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:26:58,3997431","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:26:58,4014169","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,4018545","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,4020980","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:58,4023368","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:58,4025803","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:58,4027483","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,4028966","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:58,4031775","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:58,4033090","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:26:58,4035530","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:26:58,4064388","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,4067494","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:58,4069990","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:26:58,4072267","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:58,4072449","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:26:58,4080472","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,4086504","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,4091132","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:58,4096912","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,4104553","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:26:58,4107371","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:26:58,4114350","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,4117354","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: ANCI"
"12:26:58,4119999","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 636.396, Length: 16.200"
"12:26:58,4123582","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 638.976, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:58,4131806","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:26:58,4151287","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,4156512","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\volmgr.sys","NO SUCH FILE","Filter: volmgr.sys"
"12:26:58,4159358","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:58,4174757","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:26:58,4183597","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,4185426","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,4188015","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,4189843","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Filter: volmgr.sys, 1: volmgr.sys"
"12:26:58,4191943","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,4194172","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:58,4196029","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,4199229","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,4202831","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,4224117","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:26:58,4225087","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,4226440","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:26:58,4233517","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:58,4235910","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:58,4244764","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:26:58,4247214","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,4253213","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:58,4255163","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:26:58,4258018","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:58,4273655","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:26:58,4300105","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,4304934","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:58,4307378","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:58,4315019","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,4319381","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:58,4323393","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:58,4343858","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,4348724","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:58,4352689","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:58,4384029","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 58.476, Length: 4.096"
"12:26:58,4389608","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:58,4437266","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,4481350","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 64.512, Length: 7.040"
"12:26:58,4487386","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 58.368, Length: 4.096"
"12:26:58,4492541","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 18.432, Length: 4.096"
"12:26:58,4503798","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 62.464, Length: 4.096"
"12:26:58,4531121","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,4544379","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 64.512, Length: 4.096"
"12:26:58,4566803","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 68.608, Length: 2.944"
"12:26:58,4572793","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:58,4616933","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,4622140","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 4.096, Length: 57.744"
"12:26:58,4626613","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 61.840, Length: 4.096"
"12:26:58,4634492","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:58,4637632","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:58,4639671","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:58,4642512","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:58,4646113","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:58,4695996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 65.936, Length: 4.096"
"12:26:58,4758959","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 58.476, Length: 4.096"
"12:26:58,4761390","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,4769003","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 22.528, Length: 4.096"
"12:26:58,4771844","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 58.476, Length: 4.096"
"12:26:58,4776271","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,4781836","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:58,4787738","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:58,4795808","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:58,4801835","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:58,4807429","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:58,4813848","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:58,4821078","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:58,4830301","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:58,4837872","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:58,4845136","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:58,4852385","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:58,4859943","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:58,4867239","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:58,4868386","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,4871600","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,4874371","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976083, endtime: 976083, seqnum: 0, connid: 0"
"12:26:58,4874824","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:58,4882050","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:58,4889257","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:58,4889659","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.982.464, Length: 8.192"
"12:26:58,4894869","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.982.464, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:58,4896451","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 69.632, Length: 1.920"
"12:26:58,4896913","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,4899656","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,4901265","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,4902893","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,4904503","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,4907334","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,4909709","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976083, endtime: 976083, seqnum: 0, connid: 0"
"12:26:58,4913697","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.892.352, Length: 8.192"
"12:26:58,4917313","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 58.476, Length: 4.096"
"12:26:58,4919389","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 10.272.768, Length: 8.192"
"12:26:58,4926820","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,4934583","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:58,4940992","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:58,4946623","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:58,4952221","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:58,4957464","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:58,4960511","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.910.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,4963076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:58,4965707","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.913.024, EndOfFile: 406.910.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,4968665","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:58,4971357","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.910.519, Length: 2.920, Priority: Normal"
"12:26:58,4973913","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:58,4979157","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:58,4982711","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\OBJECTS.DATA","SUCCESS","Offset: 18.489.344, Length: 8.192"
"12:26:58,4984741","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:58,4990227","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.913.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,4990343","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:58,4995937","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:58,4999253","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.913.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,5001236","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:58,5002901","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.913.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,5004558","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.913.439, Length: 8.760"
"12:26:58,5006843","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:58,5008131","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.922.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,5012455","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:58,5018030","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:58,5023255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 69.632, Length: 1.920"
"12:26:58,5025657","svchost.exe","512","ReadFile","C:\Windows\System32\wbem\repository\INDEX.BTR","SUCCESS","Offset: 1.867.776, Length: 8.192"
"12:26:58,5049897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 58.476, Length: 4.096"
"12:26:58,5061079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 64.512, Length: 4.096"
"12:26:58,5144820","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 64.000, Length: 4.096"
"12:26:58,5188946","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5192585","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5193803","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,5195725","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976083, endtime: 976083, seqnum: 0, connid: 0"
"12:26:58,5198178","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,5201411","svchost.exe","512","RegOpenKey","HKLM\system\Setup","SUCCESS","Desired Access: Read"
"12:26:58,5205414","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,5208213","svchost.exe","512","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:26:58,5211399","svchost.exe","512","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:26:58,5221013","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5223873","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5225837","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5227451","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5229028","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5231878","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5234243","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976083, endtime: 976083, seqnum: 0, connid: 0"
"12:26:58,5261422","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.922.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,5264239","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.922.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,5266250","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.922.199, Length: 2.920"
"12:26:58,5269856","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.925.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,5286230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,5306747","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.925.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,5309994","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.925.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,5312368","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.925.119, Length: 2.920"
"12:26:58,5315242","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.928.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,5346899","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.928.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,5349698","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.928.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,5351302","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.928.039, Length: 5.840"
"12:26:58,5354167","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.933.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,5755394","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,5756583","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:52835 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 45, seqnum: 0, connid: 0"
"12:26:58,5760236","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,5763851","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:58,5766688","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:58,5768689","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:58,5770672","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:58,5772715","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:58,5812829","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:58,5819206","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:58,5851763","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:26:58,5873745","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5876926","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5878582","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5880546","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5881825","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5882655","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,5886158","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5888160","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5889433","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5889918","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 710.430, Length: 16.200"
"12:26:58,5890987","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5892242","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5895409","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5897061","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,5899421","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 17520, startime: 976084, endtime: 976084, seqnum: 0, connid: 0"
"12:26:58,5914783","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,5919518","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976084, endtime: 976084, seqnum: 0, connid: 0"
"12:26:58,5924010","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\volmgrx.sys","NO SUCH FILE","Filter: volmgrx.sys"
"12:26:58,5927126","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 3472, seqnum: 0, connid: 0"
"12:26:58,5928339","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 3828, seqnum: 0, connid: 0"
"12:26:58,5928783","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:58,5950083","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,5955312","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Filter: volmgrx.sys, 1: volmgrx.sys"
"12:26:58,5960523","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:58,5992931","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.933.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,5995781","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.933.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,5996621","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,5998557","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.933.879, Length: 7.300"
"12:26:58,6002158","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.941.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6008325","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:58,6012323","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:58,6021159","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,6028749","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:58,6033591","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:58,6040794","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.941.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6043607","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.941.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6045963","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.941.179, Length: 16.060"
"12:26:58,6050003","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.957.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6069316","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,6073659","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:58,6078874","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:58,6086091","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,6090182","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:58,6093760","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:58,6109001","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,6112985","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:58,6116208","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:58,6140303","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:59747 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 45, seqnum: 0, connid: 0"
"12:26:58,6140723","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,6143596","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976084, endtime: 976084, seqnum: 0, connid: 0"
"12:26:58,6153216","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,6155548","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976084, endtime: 976084, seqnum: 0, connid: 0"
"12:26:58,6160017","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 348.780, Length: 4.096"
"12:26:58,6163642","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 348.160, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:58,6182195","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:59747 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 320, seqnum: 0, connid: 0"
"12:26:58,6184770","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,6188394","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976084, endtime: 976084, seqnum: 0, connid: 0"
"12:26:58,6198303","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:26:58,6198410","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.957.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6198844","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,6201629","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976084, endtime: 976084, seqnum: 0, connid: 0"
"12:26:58,6204097","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.957.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6206471","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.957.239, Length: 1.460"
"12:26:58,6209685","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.958.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6237237","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,6240568","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.958.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6243857","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.958.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6246259","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.958.699, Length: 1.460"
"12:26:58,6249473","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.960.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6271945","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.960.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6274711","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.960.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6276712","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.960.159, Length: 1.460"
"12:26:58,6279483","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.961.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6289802","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 356.352, Length: 7.040"
"12:26:58,6295503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 356.352, Length: 7.040, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:58,6299225","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.961.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6303209","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.961.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6305649","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.961.619, Length: 1.460"
"12:26:58,6309185","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.963.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6311107","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 348.672, Length: 4.096"
"12:26:58,6317512","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:26:58,6327621","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 352.768, Length: 4.096"
"12:26:58,6353242","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 356.864, Length: 4.096"
"12:26:58,6356199","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:50376 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 44, seqnum: 0, connid: 0"
"12:26:58,6356904","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:26:58,6360897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 353.280, Length: 4.096"
"12:26:58,6372960","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,6382178","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:50376 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 300, seqnum: 0, connid: 0"
"12:26:58,6388980","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:26:58,6389941","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:49420 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:26:58,6414596","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 360.448, Length: 2.944"
"12:26:58,6417992","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:49420 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 321, seqnum: 0, connid: 0"
"12:26:58,6423109","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:26:58,6426832","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:52835 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 127, seqnum: 0, connid: 0"
"12:26:58,6472805","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,6478054","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 4.096, Length: 57.752"
"12:26:58,6481244","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 61.848, Length: 61.440"
"12:26:58,6485270","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 123.288, Length: 61.440"
"12:26:58,6508875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 184.728, Length: 61.440"
"12:26:58,6513260","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 246.168, Length: 61.440"
"12:26:58,6532256","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 307.608, Length: 48.744"
"12:26:58,6534108","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,6537378","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,6539366","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,6541320","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,6542948","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,6546573","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,6548551","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,6550202","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,6552591","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 11680, startime: 976084, endtime: 976084, seqnum: 0, connid: 0"
"12:26:58,6601611","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.963.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6604834","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.963.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6607204","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.963.079, Length: 2.920"
"12:26:58,6610404","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.965.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6683104","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.965.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6685884","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.965.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6687909","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.965.999, Length: 8.760"
"12:26:58,6692672","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.974.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6715180","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:62514 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 45, seqnum: 0, connid: 0"
"12:26:58,6733416","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:62514 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 320, seqnum: 0, connid: 0"
"12:26:58,6821038","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,6824294","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976085, endtime: 976085, seqnum: 0, connid: 0"
"12:26:58,6839069","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,6841490","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,6843533","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976085, endtime: 976085, seqnum: 0, connid: 0"
"12:26:58,6880279","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.974.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6882453","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 357.739, Length: 4.096"
"12:26:58,6884249","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.974.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6886661","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.974.759, Length: 1.460"
"12:26:58,6889866","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.976.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6913499","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.976.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6917049","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 406.978.560, EndOfFile: 406.976.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6921928","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.976.219, Length: 2.920, Priority: Normal"
"12:26:58,6946499","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.979.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,6953860","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 348.780, Length: 4.096"
"12:26:58,6956659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,6963876","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 113.152, Length: 4.096"
"12:26:58,6967524","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 348.780, Length: 4.096"
"12:26:58,7002031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:26:58,7078229","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 355.328, Length: 4.096"
"12:26:58,7128798","ALMon.exe","1560","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,7133169","ALMon.exe","1560","RegOpenKey","HKLM\Software\Wow6432Node\Sophos\SAVService\PP","SUCCESS","Desired Access: Read"
"12:26:58,7137204","ALMon.exe","1560","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:58,7140054","ALMon.exe","1560","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:26:58,7143268","ALMon.exe","1560","RegCreateKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP\Message","ACCESS DENIED","Desired Access: Query Value, Notify"
"12:26:58,7145928","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,7148824","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976085, endtime: 976085, seqnum: 0, connid: 0"
"12:26:58,7166668","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,7169038","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,7169094","ALMon.exe","1560","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:26:58,7170643","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,7171912","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:58,7172775","ALMon.exe","1560","RegCreateKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP\Message","ACCESS DENIED","Desired Access: Query Value, Notify"
"12:26:58,7173913","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976085, endtime: 976085, seqnum: 0, connid: 0"
"12:26:58,7194187","ALMon.exe","1560","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP","SUCCESS",""
"12:26:58,7206232","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volmgrx.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,7212796","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.979.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,7216355","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.979.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,7218771","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.979.139, Length: 1.460"
"12:26:58,7222009","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.980.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,7248394","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.980.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,7251571","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.980.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,7253932","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.980.599, Length: 5.840"
"12:26:58,7257178","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.986.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:58,7493008","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:54859 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:26:58,7512093","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:54859 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 321, seqnum: 0, connid: 0"
"12:26:58,7537778","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,7542182","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,7545359","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:58,7548204","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:58,7550574","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:58,7552622","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:58,7555384","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:58,7595536","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volmgrx.sys.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Synchronous"
"12:26:58,7600354","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volmgrx.sys.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:58,7618189","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volmgrx.sys.mui","SUCCESS","Offset: 184, Length: 2.376"
"12:26:58,7639900","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volmgrx.sys.mui","SUCCESS","Offset: 0, Length: 2.560"
"12:26:58,7647079","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.799.880, Length: 16.200"
"12:26:58,7659903","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:58808 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:26:58,7671580","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,7675657","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:64786 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 42, seqnum: 0, connid: 0"
"12:26:58,7677206","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\volmgrx.sys.mui","NO SUCH FILE","Filter: volmgrx.sys.mui"
"12:26:58,7681190","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:26:58,7702649","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:61917 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:26:58,7703297","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,7708494","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\volmgrx.sys.mui","SUCCESS","Filter: volmgrx.sys.mui, 1: volmgrx.sys.mui"
"12:26:58,7713299","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:26:58,7715939","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:51761 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:26:58,7727667","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:58808 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 321, seqnum: 0, connid: 0"
"12:26:58,7731212","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:64786 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 99, seqnum: 0, connid: 0"
"12:26:58,7734035","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:61917 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 125, seqnum: 0, connid: 0"
"12:26:58,7736031","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:51761 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 160, seqnum: 0, connid: 0"
"12:26:58,7758932","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,7767786","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:58,7770963","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:58,7780638","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,7786199","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:58,7791022","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:58,7831286","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,7841423","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:58,7849004","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:58,7857923","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Error3725.wohnheim.uni-kl.de:53636","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:26:58,7858627","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Error3725.wohnheim.uni-kl.de:53210","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:26:58,7859033","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,7861277","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Error3725.wohnheim.uni-kl.de:60336","SUCCESS","Length: 42, seqnum: 0, connid: 0"
"12:26:58,7864295","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:58,7869105","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:58,7878248","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:55607 -> 224.0.0.252:llmnr","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:26:58,7878766","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:61703 -> 224.0.0.252:llmnr","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:26:58,7879737","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:60307 -> 224.0.0.252:llmnr","SUCCESS","Length: 42, seqnum: 0, connid: 0"
"12:26:58,7888362","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,7892743","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:58,7896367","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:58,8232546","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,8236152","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:58,8239795","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:58,8244269","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:26:58,8250077","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:58,8254121","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,8257653","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:58,8261287","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:58,8264912","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:26:58,8268112","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:58,8270915","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,8273724","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:58,8277367","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:58,8283362","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:26:58,8286982","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:58,8290620","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,8294198","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:26:58,8297842","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:26:58,8301499","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:26:58,8304671","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:26:58,8328295","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:61703 -> buntes207.wohnheim.uni-kl.de:llmnr","SUCCESS","Length: 182, seqnum: 0, connid: 0"
"12:26:58,8833930","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Error3725.wohnheim.uni-kl.de:53210","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:26:58,8835166","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Error3725.wohnheim.uni-kl.de:60336","SUCCESS","Length: 42, seqnum: 0, connid: 0"
"12:26:58,8846026","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:60307 -> 224.0.0.252:llmnr","SUCCESS","Length: 42, seqnum: 0, connid: 0"
"12:26:58,8847612","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:55607 -> 224.0.0.252:llmnr","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:26:58,9180026","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,9184033","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,9186394","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:26:58,9189202","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,9191208","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,9193205","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,9194823","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:26:58,9197240","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:26:58,9199666","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:58,9201252","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,9202861","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:26:58,9204475","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:26:58,9776838","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:58,9781200","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:58,9783639","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:58,9786014","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:58,9787665","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:58,9789639","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:58,9791659","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:58,9827719","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:58,9832533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:58,9850741","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:26:58,9881119","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:58,9887520","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.821.614, Length: 16.200"
"12:26:58,9909548","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,9915211","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\mountmgr.sys","NO SUCH FILE","Filter: mountmgr.sys"
"12:26:58,9918859","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:58,9946355","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,9950838","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Filter: mountmgr.sys, 1: mountmgr.sys"
"12:26:58,9955200","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:58,9981706","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,9987327","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:58,9989347","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:58,9996116","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:58,9999774","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:59,0002997","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:59,0033819","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,0038236","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:59,0040303","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:59,0049778","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,0056509","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:59,0061356","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:59,0078589","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,0082661","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:59,0086599","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:59,0113912","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 81.832, Length: 4.096"
"12:26:59,0119170","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:26:59,0138833","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 80.608, Length: 4.096"
"12:26:59,0157656","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,0202729","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 87.552, Length: 7.040"
"12:26:59,0209139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 80.384, Length: 4.096"
"12:26:59,0212404","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 84.480, Length: 4.096"
"12:26:59,0215217","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 82.432, Length: 4.096"
"12:26:59,0218422","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 9.216, Length: 4.096"
"12:26:59,0249076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 87.552, Length: 4.096"
"12:26:59,0254273","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 84.992, Length: 4.096"
"12:26:59,0263934","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,0281600","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 87.552, Length: 4.096"
"12:26:59,0310691","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 91.648, Length: 2.944"
"12:26:59,0317525","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:26:59,0365286","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,0370501","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 4.096, Length: 57.736"
"12:26:59,0373673","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 61.832, Length: 25.720"
"12:26:59,0464911","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 88.939, Length: 4.096"
"12:26:59,0531094","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 81.832, Length: 4.096"
"12:26:59,0535875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,0544300","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 12.800, Length: 4.096"
"12:26:59,0547482","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 81.832, Length: 4.096"
"12:26:59,0551932","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,0557185","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:59,0562386","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:59,0567593","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:59,0572789","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:59,0577996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:59,0587363","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:59,0595321","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:59,0603644","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:59,0610063","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:59,0615637","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:59,0620858","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:59,0626908","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:59,0632483","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:59,0637689","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:59,0642587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:59,0647784","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:59,0652990","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:59,0658192","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:59,0663393","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:59,0668590","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:59,0673469","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:59,0678671","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:59,0684316","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 94.208, Length: 384"
"12:26:59,0698707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 81.832, Length: 4.096"
"12:26:59,0703535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,0707976","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:59,0712767","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:59,0717190","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:59,0721603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:59,0726781","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:59,0731208","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:59,0735621","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:26:59,0740034","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:26:59,0744438","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:26:59,0748847","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:26:59,0753255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:26:59,0757654","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:26:59,0761745","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:26:59,0766149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:26:59,0770548","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:26:59,0774952","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:26:59,0779356","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:26:59,0783755","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:26:59,0788154","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:59,0792240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:26:59,0796639","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:26:59,0801039","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:26:59,0805442","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 94.208, Length: 384"
"12:26:59,0822264","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 81.832, Length: 4.096"
"12:26:59,0830661","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 87.552, Length: 4.096"
"12:26:59,0902558","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 87.040, Length: 4.096"
"12:26:59,1019309","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mountmgr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,1363278","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:59,1367323","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,1369758","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:59,1372123","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:59,1373765","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:59,1375738","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:59,1377749","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:59,1412676","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mountmgr.sys.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Synchronous"
"12:26:59,1417462","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mountmgr.sys.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:59,1436230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mountmgr.sys.mui","SUCCESS","Offset: 184, Length: 2.376"
"12:26:59,1454731","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mountmgr.sys.mui","SUCCESS","Offset: 0, Length: 2.560"
"12:26:59,1460315","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.672.574, Length: 16.200"
"12:26:59,1481200","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,1485986","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\mountmgr.sys.mui","NO SUCH FILE","Filter: mountmgr.sys.mui"
"12:26:59,1488827","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:26:59,1504847","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,1508887","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\mountmgr.sys.mui","SUCCESS","Filter: mountmgr.sys.mui, 1: mountmgr.sys.mui"
"12:26:59,1512875","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:26:59,1539755","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,1545017","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:59,1547028","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:59,1553433","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,1557062","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:59,1560598","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:59,1587543","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,1591098","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:59,1592726","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:59,1598767","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,1602373","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:59,1605592","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:59,1618846","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,1622783","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:59,1626062","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:59,2947755","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:26:59,2952149","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:26:59,2955732","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:26:59,2958610","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:26:59,2960994","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:26:59,2963014","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:59,2965444","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:26:59,2967809","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:26:59,2969853","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:26:59,2972246","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:26:59,2974602","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:26:59,2977004","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:26:59,2978646","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:59,2981007","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:59,2982649","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:26:59,2984622","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:59,2986311","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,2988251","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:59,2990295","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:26:59,2992310","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:26:59,2995090","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:26:59,2997470","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:26:59,2999480","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:26:59,3001505","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:26:59,3003138","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:26:59,3005167","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:59,3007103","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:26:59,3008754","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:59,3010751","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,3012374","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:26:59,3014366","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,3021597","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3024018","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:59,3033236","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3035615","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:59,3038050","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,3040420","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3042435","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:59,3044479","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3046485","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:59,3048854","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,3050842","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:26:59,3052871","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,3054513","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:59,3058077","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3060102","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:59,3062458","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3064468","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:59,3066521","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,3068527","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3070533","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:59,3072553","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3074899","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:59,3076952","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,3078925","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:26:59,3080926","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,3082568","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:59,3094674","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3097566","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:59,3101102","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3103155","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:59,3105954","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,3108324","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3110339","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:59,3112364","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3114356","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:59,3116418","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,3118386","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:26:59,3120439","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,3122394","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:59,3133865","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3136748","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:59,3140288","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3142341","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:26:59,3144753","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,3165848","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3169044","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:59,3172253","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3174618","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:26:59,3177427","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,3179465","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3181490","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:59,3183836","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3185511","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:26:59,3187881","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,3189859","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:26:59,3191897","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:26:59,3193535","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:26:59,3758905","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:59,3762959","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,3776473","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:49593 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 45, seqnum: 0, connid: 0"
"12:26:59,3778600","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:59,3781357","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:59,3788201","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:59,3790226","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:59,3792264","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:59,3795002","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:49593 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 320, seqnum: 0, connid: 0"
"12:26:59,3838760","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:59,3843201","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:59,3861595","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:26:59,3881655","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,3887281","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 394.206, Length: 16.200"
"12:26:59,3891293","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 405.504, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:59,3920626","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,3927083","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\atapi.sys","NO SUCH FILE","Filter: atapi.sys"
"12:26:59,3930287","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:59,3946704","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,3950688","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Filter: atapi.sys, 1: atapi.sys"
"12:26:59,3954699","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:59,3980809","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,3986393","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:59,3988409","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:59,3994464","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,3998079","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:59,4001303","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:59,4028910","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,4032138","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:59,4033757","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:59,4039789","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,4043376","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:59,4046591","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:59,4059802","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,4063413","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:59,4066622","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:59,4093161","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 14.436, Length: 4.096"
"12:26:59,4098750","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:26:59,4130421","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,4170199","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 16.896, Length: 7.232"
"12:26:59,4176226","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 14.336, Length: 4.096"
"12:26:59,4179804","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:59,4191033","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 16.896, Length: 4.096"
"12:26:59,4195008","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 15.872, Length: 4.096"
"12:26:59,4202691","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,4218272","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 16.896, Length: 4.096"
"12:26:59,4240739","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 20.992, Length: 3.136"
"12:26:59,4246346","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:26:59,4289348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,4294554","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 4.096, Length: 12.800"
"12:26:59,4323785","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 18.268, Length: 4.096"
"12:26:59,4387210","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 14.436, Length: 4.096"
"12:26:59,4389627","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,4396853","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 13.312, Length: 4.096"
"12:26:59,4432946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 17.408, Length: 4.096"
"12:26:59,4435801","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 16.896, Length: 4.096"
"12:26:59,4578191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,4630667","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:26:59,4633475","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:59,4635841","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:26:59,4639064","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:59,4642675","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:26:59,5028778","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:59,5032813","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,5035561","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:59,5037628","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:59,5039596","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:59,5041243","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:59,5043576","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:59,5077336","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:59,5082146","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:59,5118668","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:26:59,5149700","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,5156100","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.858.686, Length: 16.200"
"12:26:59,5178212","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,5179080","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:59,5182737","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,5183796","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\ataport.SYS","NO SUCH FILE","Filter: ataport.SYS"
"12:26:59,5185149","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:26:59,5187010","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:59,5187939","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:59,5189959","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:59,5191960","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,5193579","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:26:59,5196317","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:26:59,5198715","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:59,5199984","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,5201593","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:26:59,5203482","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,5203977","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:26:59,5207494","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\ataport.SYS","SUCCESS","Filter: ataport.SYS, 1: ataport.sys"
"12:26:59,5211492","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:59,5241176","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,5247529","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:59,5249554","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:59,5256029","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,5259994","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:59,5263255","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:59,5290093","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,5293330","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:59,5294954","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:59,5301779","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,5305772","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:59,5309327","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:59,5322613","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,5327394","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:59,5330641","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:59,5355925","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 132.720, Length: 4.096"
"12:26:59,5359139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 131.072, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:59,5370307","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:26:59,5386374","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 132.616, Length: 4.096"
"12:26:59,5402851","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,5447779","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 148.480, Length: 7.104"
"12:26:59,5450975","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 147.456, Length: 8.128, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:59,5465553","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 130.560, Length: 4.096"
"12:26:59,5483564","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 136.704, Length: 4.096"
"12:26:59,5486783","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 139.264, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:59,5499220","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 134.656, Length: 4.096"
"12:26:59,5503255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:26:59,5538583","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 148.480, Length: 4.096"
"12:26:59,5543379","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 137.728, Length: 4.096"
"12:26:59,5554612","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,5572251","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 148.480, Length: 4.096"
"12:26:59,5595109","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 21.504, Length: 4.096"
"12:26:59,5609174","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 148.480, Length: 4.096"
"12:26:59,5614786","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 152.576, Length: 3.008"
"12:26:59,5619969","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:26:59,5663363","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,5668569","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 4.096, Length: 57.760"
"12:26:59,5671741","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 61.856, Length: 61.440"
"12:26:59,5674983","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 123.296, Length: 25.184"
"12:26:59,5777851","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,5780981","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,5782987","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976094, endtime: 976094, seqnum: 0, connid: 0"
"12:26:59,5795429","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,5797052","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,5797911","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,5799469","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976094, endtime: 976094, seqnum: 0, connid: 0"
"12:26:59,5829213","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 149.832, Length: 4.096"
"12:26:59,5857464","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.986.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,5861117","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.986.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,5863501","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.986.439, Length: 2.920"
"12:26:59,5867536","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.989.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,5896277","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 132.720, Length: 4.096"
"12:26:59,5899090","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,5907081","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 83.968, Length: 4.096"
"12:26:59,5910262","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 132.720, Length: 4.096"
"12:26:59,5944755","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 148.480, Length: 4.096"
"12:26:59,5965589","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.989.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,5968370","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.989.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,5969993","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.989.359, Length: 4.380"
"12:26:59,5973179","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.993.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6013378","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 141.824, Length: 4.096"
"12:26:59,6095160","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,6097968","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,6099974","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976094, endtime: 976094, seqnum: 0, connid: 0"
"12:26:59,6112411","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,6114030","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,6115205","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,6116768","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976094, endtime: 976094, seqnum: 0, connid: 0"
"12:26:59,6126149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ataport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,6162639","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.993.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6165914","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.993.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6168284","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.993.739, Length: 2.920"
"12:26:59,6172296","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.996.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6205314","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.996.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6208575","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 406.996.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6210539","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 406.996.659, Length: 4.380"
"12:26:59,6213730","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.001.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6296660","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:59,6301040","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,6303494","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:26:59,6306288","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:59,6308635","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:59,6310641","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,6312269","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:26:59,6314676","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:26:59,6317083","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:59,6318343","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,6319952","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:26:59,6321893","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:26:59,6443780","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,6446943","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,6448958","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976094, endtime: 976094, seqnum: 0, connid: 0"
"12:26:59,6451332","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:59,6455358","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,6458106","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:59,6460154","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:59,6461801","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,6462118","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:59,6463429","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,6463755","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:59,6464604","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,6465780","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:59,6465859","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976094, endtime: 976094, seqnum: 0, connid: 0"
"12:26:59,6500637","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ataport.sys.mui","SUCCESS","Offset: 0, Length: 3.584, I/O Flags: Synchronous"
"12:26:59,6505092","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ataport.sys.mui","SUCCESS","Offset: 0, Length: 3.584, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:59,6508843","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.001.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6511301","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.001.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6513298","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.001.039, Length: 2.920"
"12:26:59,6516488","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.003.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6521881","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ataport.sys.mui","SUCCESS","Offset: 184, Length: 3.400"
"12:26:59,6540760","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ataport.sys.mui","SUCCESS","Offset: 0, Length: 3.584"
"12:26:59,6546386","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.325.894, Length: 16.200"
"12:26:59,6547987","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.003.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6550781","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.003.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6552409","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.003.959, Length: 4.380"
"12:26:59,6555595","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.008.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6569226","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,6573667","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\ataport.SYS.mui","NO SUCH FILE","Filter: ataport.SYS.mui"
"12:26:59,6576494","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:26:59,6592500","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,6596153","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\ataport.SYS.mui","SUCCESS","Filter: ataport.SYS.mui, 1: ataport.sys.mui"
"12:26:59,6599796","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:26:59,6627446","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,6633044","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:59,6635059","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:59,6641445","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,6645065","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:59,6648298","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:59,6674403","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,6677967","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:59,6679596","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:59,6685618","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,6689215","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:59,6692434","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:59,6705668","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,6709279","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:59,6712479","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:59,6766127","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,6768954","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,6770969","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976094, endtime: 976094, seqnum: 0, connid: 0"
"12:26:59,6784595","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,6786527","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,6787385","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,6788626","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976094, endtime: 976095, seqnum: 0, connid: 0"
"12:26:59,6920580","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.008.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6924620","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.008.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6927419","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.008.339, Length: 2.920"
"12:26:59,6943518","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.011.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6972236","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.011.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6975795","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.011.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,6977446","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.011.259, Length: 4.380"
"12:26:59,6980637","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.015.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7091669","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,7094505","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,7096525","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976095, endtime: 976095, seqnum: 0, connid: 0"
"12:26:59,7108897","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,7111770","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976095, endtime: 976095, seqnum: 0, connid: 0"
"12:26:59,7160828","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.015.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7163995","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.015.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7165623","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.015.639, Length: 2.920"
"12:26:59,7168473","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.018.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7198180","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.018.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7201343","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.018.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7203008","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.018.559, Length: 1.460"
"12:26:59,7206932","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.020.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7406687","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,7410274","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976095, endtime: 976095, seqnum: 0, connid: 0"
"12:26:59,7448784","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,7450813","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,7452007","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,7453985","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976095, endtime: 976095, seqnum: 0, connid: 0"
"12:26:59,7518157","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.020.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7520965","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.020.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7522603","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.020.019, Length: 5.840"
"12:26:59,7532633","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.025.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7570928","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:59,7574594","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,7577333","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:59,7579395","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:59,7581363","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:59,7583337","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:59,7585366","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:59,7620703","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:59,7625951","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:59,7643375","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:26:59,7667293","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,7673348","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.224.806, Length: 16.200"
"12:26:59,7695380","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,7699836","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\msahci.sys","NO SUCH FILE","Filter: msahci.sys"
"12:26:59,7702998","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:59,7719032","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,7722713","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Filter: msahci.sys, 1: msahci.sys"
"12:26:59,7727508","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:59,7743617","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,7746448","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,7748795","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976095, endtime: 976095, seqnum: 0, connid: 0"
"12:26:59,7753618","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,7758908","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,7759184","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:59,7760849","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,7761194","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:59,7762104","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976095, endtime: 976095, seqnum: 0, connid: 0"
"12:26:59,7767576","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,7771201","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:59,7774429","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:59,7800548","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,7803762","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:59,7805708","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:59,7811754","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,7815355","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:59,7818970","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:59,7833385","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,7837029","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:59,7839254","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.025.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7840252","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:59,7843261","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.025.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7845262","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.025.859, Length: 2.920"
"12:26:59,7848518","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.028.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7866689","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 21.604, Length: 4.096"
"12:26:59,7872329","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:26:59,7884966","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.028.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7886991","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.028.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7888586","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.028.779, Length: 2.920"
"12:26:59,7890975","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.031.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,7903211","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,7944925","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 24.064, Length: 7.040"
"12:26:59,7950187","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 21.504, Length: 4.096"
"12:26:59,7953411","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 18.944, Length: 4.096"
"12:26:59,7964182","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 24.064, Length: 4.096"
"12:26:59,7968176","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 22.528, Length: 4.096"
"12:26:59,7976279","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,7985068","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 24.064, Length: 4.096"
"12:26:59,8005930","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 28.160, Length: 2.944"
"12:26:59,8011528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:26:59,8053307","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,8058499","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 4.096, Length: 19.968"
"12:26:59,8093361","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 25.451, Length: 4.096"
"12:26:59,8141000","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8144942","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976096, endtime: 976096, seqnum: 0, connid: 0"
"12:26:59,8162240","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8164213","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8165081","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8166242","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8167087","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8168654","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976096, endtime: 976096, seqnum: 0, connid: 0"
"12:26:59,8170240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 21.604, Length: 4.096"
"12:26:59,8174653","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,8177653","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:59,8181291","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,8183661","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:26:59,8185145","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 19.968, Length: 4.096"
"12:26:59,8188644","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:59,8192777","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,8194083","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:59,8198053","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,8200815","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:59,8201314","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:26:59,8204481","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:26:59,8207290","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:26:59,8208792","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:59,8208922","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,8210550","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:26:59,8212958","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:26:59,8213867","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.031.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,8216382","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:59,8216708","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.031.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,8219465","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.031.699, Length: 1.460"
"12:26:59,8222665","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.033.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,8224475","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:59,8234547","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:59,8243299","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:59,8251640","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 28.672, Length: 2.432"
"12:26:59,8260195","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.033.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,8262682","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.033.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,8264632","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.033.159, Length: 7.300"
"12:26:59,8267874","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.040.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,8271643","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 21.604, Length: 4.096"
"12:26:59,8277274","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,8282905","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:26:59,8288517","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:26:59,8294124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:26:59,8299391","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:26:59,8304984","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:26:59,8310582","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:26:59,8315844","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 28.672, Length: 2.432"
"12:26:59,8340153","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 21.604, Length: 4.096"
"12:26:59,8474048","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8476871","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8478895","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976096, endtime: 976096, seqnum: 0, connid: 0"
"12:26:59,8498642","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msahci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,8502169","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8504641","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8506241","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8508173","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8510211","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976096, endtime: 976096, seqnum: 0, connid: 0"
"12:26:59,8651631","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.040.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,8654476","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.040.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,8656440","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.040.459, Length: 2.920"
"12:26:59,8659272","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.043.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,8780123","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.043.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,8782960","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.044.096, EndOfFile: 407.043.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,8786976","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.043.379, Length: 5.840, Priority: Normal"
"12:26:59,8791879","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8795112","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976097, endtime: 976097, seqnum: 0, connid: 0"
"12:26:59,8812489","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.049.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,8815190","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8817150","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8818367","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8819552","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8820406","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:26:59,8821992","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976097, endtime: 976097, seqnum: 0, connid: 0"
"12:26:59,8985355","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.049.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,8989750","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.049.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,8994811","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.049.219, Length: 8.760"
"12:26:59,8999644","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.057.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:26:59,9037823","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:26:59,9042698","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,9045860","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:26:59,9048720","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:59,9051486","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:26:59,9053922","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:26:59,9056338","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:26:59,9099611","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:26:59,9104481","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:59,9122548","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:59,9147105","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,9153053","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.995.602, Length: 16.200"
"12:26:59,9156323","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.994.176, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:26:59,9185545","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,9190364","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\PCIIDEX.SYS","NO SUCH FILE","Filter: PCIIDEX.SYS"
"12:26:59,9193536","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:26:59,9209191","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,9212839","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\PCIIDEX.SYS","SUCCESS","Filter: PCIIDEX.SYS, 1: pciidex.sys"
"12:26:59,9216823","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:26:59,9244515","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,9249740","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:26:59,9251741","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:59,9258113","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,9261733","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:59,9264962","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:59,9290647","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,9293852","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:26:59,9295480","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:26:59,9301479","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,9305076","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:26:59,9308285","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:26:59,9321161","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:26:59,9326316","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:26:59,9329548","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:26:59,9355668","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 36.976, Length: 4.096"
"12:26:59,9361616","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:59,9378050","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 36.872, Length: 4.096"
"12:26:59,9394593","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,9438672","svchost.exe","948","UDP Receive","239.255.255.250:ws-discovery -> buntes091.wohnheim.uni-kl.de:57827","SUCCESS","Length: 658, seqnum: 0, connid: 0"
"12:26:59,9443067","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 41.472, Length: 7.248"
"12:26:59,9443542","svchost.exe","948","UDP Receive","239.255.255.250:ws-discovery -> buntes091.wohnheim.uni-kl.de:57827","SUCCESS","Length: 658, seqnum: 0, connid: 0"
"12:26:59,9454393","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 34.304, Length: 4.096"
"12:26:59,9465039","svchost.exe","948","ReadFile","C:\Windows\System32\WSDApi.dll","SUCCESS","Offset: 560.128, Length: 12.800, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:59,9475591","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 38.400, Length: 4.096"
"12:26:59,9475638","svchost.exe","948","ReadFile","C:\Windows\System32\WSDApi.dll","SUCCESS","Offset: 536.576, Length: 7.168, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:26:59,9481651","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 12.800, Length: 4.096"
"12:26:59,9483293","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:59,9488709","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,9491144","svchost.exe","948","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001","SUCCESS","Desired Access: Read"
"12:26:59,9494372","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:26:59,9496761","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider Types\Type 001\Name","SUCCESS","Type: REG_SZ, Length: 80, Data: Microsoft Strong Cryptographic Provider"
"12:26:59,9498757","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider Types\Type 001\Name","SUCCESS","Type: REG_SZ, Length: 80, Data: Microsoft Strong Cryptographic Provider"
"12:26:59,9500745","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider Types\Type 001\Name","SUCCESS","Type: REG_SZ, Length: 80, Data: Microsoft Strong Cryptographic Provider"
"12:26:59,9502345","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider Types\Type 001\Name","SUCCESS","Type: REG_SZ, Length: 80, Data: Microsoft Strong Cryptographic Provider"
"12:26:59,9504337","svchost.exe","948","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider Types\Type 001","SUCCESS",""
"12:26:59,9506385","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:59,9508736","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,9510401","svchost.exe","948","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider","SUCCESS","Desired Access: Read"
"12:26:59,9511731","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 41.472, Length: 4.096"
"12:26:59,9512822","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:26:59,9514744","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:26:59,9516391","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\rsaenh.dll"
"12:26:59,9516559","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 39.936, Length: 4.096"
"12:26:59,9518000","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\rsaenh.dll"
"12:26:59,9519615","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\rsaenh.dll"
"12:26:59,9521210","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\rsaenh.dll"
"12:26:59,9526598","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,9528851","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:59,9531258","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,9533250","svchost.exe","948","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"12:26:59,9535639","svchost.exe","948","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:26:59,9537295","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:26:59,9539240","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: deaa1ea2-175e-449e-af27-1655b36bbdf3"
"12:26:59,9540882","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: deaa1ea2-175e-449e-af27-1655b36bbdf3"
"12:26:59,9542842","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: deaa1ea2-175e-449e-af27-1655b36bbdf3"
"12:26:59,9544451","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: deaa1ea2-175e-449e-af27-1655b36bbdf3"
"12:26:59,9546527","svchost.exe","948","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Cryptography","SUCCESS",""
"12:26:59,9549331","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:26:59,9551682","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:26:59,9553119","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 41.472, Length: 4.096"
"12:26:59,9553669","svchost.exe","948","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"12:26:59,9558203","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:26:59,9563349","svchost.exe","948","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider","SUCCESS",""
"12:26:59,9577190","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 3.072, Length: 4.096"
"12:26:59,9592361","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 41.472, Length: 4.096"
"12:26:59,9598402","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 45.568, Length: 3.152"
"12:26:59,9604023","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:26:59,9646181","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,9654913","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 4.096, Length: 37.376"
"12:26:59,9708136","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 42.859, Length: 4.096"
"12:26:59,9775126","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 36.976, Length: 4.096"
"12:26:59,9777897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:26:59,9788762","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 14.848, Length: 4.096"
"12:26:59,9792806","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 36.976, Length: 4.096"
"12:26:59,9831320","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 41.472, Length: 4.096"
"12:26:59,9919839","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:00,0007713","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pciidex.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,0620163","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:00,0624548","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:00,0627333","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:00,0629404","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:00,0631373","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:00,0633015","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:00,0635025","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:00,0669453","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:00,0673987","svchost.exe","948","UDP Receive","239.255.255.250:ws-discovery -> buntes091.wohnheim.uni-kl.de:57827","SUCCESS","Length: 658, seqnum: 0, connid: 0"
"12:27:00,0674300","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:00,0678372","svchost.exe","948","UDP Receive","239.255.255.250:ws-discovery -> buntes091.wohnheim.uni-kl.de:57827","SUCCESS","Length: 658, seqnum: 0, connid: 0"
"12:27:00,0707669","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:00,0739353","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,0749150","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 788.190, Length: 16.200"
"12:27:00,0772433","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,0777214","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\iaStorA.sys","NO SUCH FILE","Filter: iaStorA.sys"
"12:27:00,0780373","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:00,0796080","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,0800064","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Filter: iaStorA.sys, 1: iaStorA.sys"
"12:27:00,0804066","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:00,0832961","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,0838223","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:00,0840239","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,0847003","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,0850641","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,0853860","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:00,0879938","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,0883166","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:00,0885111","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:00,0891129","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,0894730","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,0897945","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:00,0910839","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,0914463","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:00,0917668","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,0944898","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 652.400, Length: 4.096"
"12:27:00,0948522","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 651.264, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:00,0963460","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:00,0995490","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,1036486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 671.744, Length: 8.176"
"12:27:00,1040036","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 671.744, Length: 8.176, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:00,1056527","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 652.288, Length: 4.096"
"12:27:00,1062101","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 590.848, Length: 4.096"
"12:27:00,1065292","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 589.824, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:00,1094724","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 655.872, Length: 4.096"
"12:27:00,1098325","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 659.456, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:00,1123954","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 671.744, Length: 4.096"
"12:27:00,1135948","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,1151972","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 671.744, Length: 4.096"
"12:27:00,1174089","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 675.840, Length: 4.080"
"12:27:00,1180466","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:00,1221793","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,1228259","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 4.096, Length: 57.752"
"12:27:00,1231455","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 61.848, Length: 61.440"
"12:27:00,1235070","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 123.288, Length: 61.440"
"12:27:00,1257910","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 184.728, Length: 61.440"
"12:27:00,1261488","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 246.168, Length: 61.440"
"12:27:00,1288643","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 307.608, Length: 61.440"
"12:27:00,1307462","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 369.048, Length: 61.440"
"12:27:00,1310704","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 430.488, Length: 61.440"
"12:27:00,1319926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 491.928, Length: 61.440"
"12:27:00,1323169","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 553.368, Length: 61.440"
"12:27:00,1328314","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 614.808, Length: 56.936"
"12:27:00,1908234","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 676.205, Length: 3.715"
"12:27:00,1978037","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 652.400, Length: 4.096"
"12:27:00,1980854","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,1989205","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 613.888, Length: 4.096"
"12:27:00,1992862","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 652.400, Length: 4.096"
"12:27:00,2026968","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 671.744, Length: 4.096"
"12:27:00,2098785","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 657.920, Length: 4.096"
"12:27:00,2104015","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 662.016, Length: 4.096"
"12:27:00,2215896","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorA.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,2854763","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:00,2859129","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:00,2861564","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:00,2863948","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:00,2865585","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:00,2867559","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:00,2869583","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:00,2902518","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:00,2907262","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:00,2941289","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:00,2970375","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,2976048","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 640.446, Length: 16.200"
"12:27:00,2997656","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,3002102","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\storport.sys","NO SUCH FILE","Filter: storport.sys"
"12:27:00,3004948","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:00,3020925","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,3026187","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\storport.sys","SUCCESS","Filter: storport.sys, 1: storport.sys"
"12:27:00,3030213","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:00,3056281","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,3061847","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:00,3063848","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,3069917","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,3073528","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,3076751","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:00,3102787","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,3106005","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:00,3107638","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:00,3113675","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,3117271","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,3120807","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:00,3134485","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,3138101","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:00,3141310","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,3166557","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 164.460, Length: 4.096"
"12:27:00,3169417","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 163.840, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:00,3184317","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:00,3214817","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,3258154","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 182.784, Length: 7.040"
"12:27:00,3261770","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 180.224, Length: 9.600, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:00,3276996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 161.792, Length: 4.096"
"12:27:00,3280621","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 159.744, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:00,3307468","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 165.888, Length: 4.096"
"12:27:00,3312292","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 111.616, Length: 4.096"
"12:27:00,3329174","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 168.448, Length: 4.096"
"12:27:00,3332379","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 172.032, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:00,3361675","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 182.784, Length: 4.096"
"12:27:00,3366485","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 169.472, Length: 4.096"
"12:27:00,3377742","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,3392973","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 182.784, Length: 4.096"
"12:27:00,3414255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 23.552, Length: 4.096"
"12:27:00,3428646","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 182.784, Length: 4.096"
"12:27:00,3434267","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 186.880, Length: 2.944"
"12:27:00,3439142","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:00,3484006","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,3488899","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 4.096, Length: 57.760"
"12:27:00,3492076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 61.856, Length: 61.440"
"12:27:00,3495304","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 123.296, Length: 59.488"
"12:27:00,3680160","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 184.171, Length: 4.096"
"12:27:00,3718678","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 113.664, Length: 4.096"
"12:27:00,3754776","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 164.460, Length: 4.096"
"12:27:00,3757981","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,3765986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 121.856, Length: 4.096"
"12:27:00,3769196","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 164.460, Length: 4.096"
"12:27:00,3774038","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,3779631","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:00,3784879","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:00,3790100","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:00,3796089","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:00,3801347","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:00,3806558","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:00,3811759","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:00,3816965","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:00,3822162","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:00,3829388","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:00,3836194","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:00,3842618","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:00,3847862","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:00,3853072","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:00,3858311","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:00,3863527","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:00,3869941","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:00,3876327","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:00,3881953","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:00,3887990","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:00,3897101","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:00,3903520","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:00,3909094","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:00,3914319","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:00,3919535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:00,3928645","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:00,3936287","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:00,3943503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:00,3949115","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:00,3954336","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:00,3959915","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:00,3965121","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:00,3970318","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:00,3975193","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:00,3980749","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:00,3985633","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:00,3990844","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:00,3996041","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:00,4001275","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:00,4006476","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:00,4011687","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:00,4017257","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:00,4022137","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:00,4031257","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:00,4037708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:00,4043306","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 188.416, Length: 1.408"
"12:27:00,4060180","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 164.460, Length: 4.096"
"12:27:00,4064989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,4069762","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:00,4074189","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:00,4078611","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:00,4087503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:00,4092685","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:00,4097131","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:00,4104749","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:00,4109554","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:00,4114751","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:00,4119164","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:00,4128807","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:00,4136882","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:00,4141705","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:00,4146445","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:00,4150858","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:00,4154945","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:00,4159717","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:00,4164139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:00,4168548","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:00,4173348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:00,4177789","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:00,4182202","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:00,4186611","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:00,4191019","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:00,4195423","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:00,4199831","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:00,4204240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:00,4208643","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:00,4213047","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:00,4217134","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:00,4221533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:00,4227079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:00,4231898","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:00,4236335","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:00,4241149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:00,4246411","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:00,4251986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:00,4257234","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:00,4262823","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:00,4268061","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:00,4273659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:00,4279234","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:00,4284515","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:00,4290099","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:00,4295342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:00,4300572","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 188.416, Length: 1.408"
"12:27:00,4320552","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 164.460, Length: 4.096"
"12:27:00,4328986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 182.784, Length: 4.096"
"12:27:00,4401210","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 173.568, Length: 4.096"
"12:27:00,4528681","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\storport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,4633172","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:00,4637585","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:00,4640772","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:00,4645157","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:00,4649980","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:00,4984381","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,4992405","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:00,4996058","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:00,5017302","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:00,5070157","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5077397","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: ANCI"
"12:27:00,5079403","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:00,5089936","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5097116","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:00,5101949","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,5118388","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5123193","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:00,5127219","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:00,5140841","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5144927","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:00,5148095","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:00,5161782","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5166186","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:00,5169353","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,5193462","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5198253","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: ANCI"
"12:27:00,5200212","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:00,5223117","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5232760","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: DNCI"
"12:27:00,5234397","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:00,5256048","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5260400","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:00,5262033","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:00,5284490","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5288511","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,5290139","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,5327357","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5334149","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,5337830","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:00,5364341","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:00,5368330","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:00,5370755","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:00,5373144","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:00,5374781","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:00,5376768","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:00,5377160","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5381830","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:00,5383943","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:00,5387517","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:00,5430719","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:00,5431643","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5437731","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:00,5439961","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:00,5444933","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:00,5456036","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:00,5477630","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,5482935","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.281.856, Length: 16.200"
"12:27:00,5484866","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5489731","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:00,5491714","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:00,5506535","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,5510976","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\amdxata.sys","NO SUCH FILE","Filter: amdxata.sys"
"12:27:00,5513826","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:00,5515384","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5516187","Windows7FirewallService.exe","2128","CreateFile","C:\SystemRoot\System32\smss.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:00,5519802","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:00,5521761","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:00,5532677","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,5537021","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Filter: amdxata.sys, 1: amdxata.sys"
"12:27:00,5541065","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:00,5548688","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5552718","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\csrss.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5553880","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:00,5555522","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:00,5562697","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5567600","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\csrss.exe","SUCCESS","CreationTime: 14.07.2009 01:19:49, LastAccessTime: 14.07.2009 01:19:49, LastWriteTime: 14.07.2009 03:39:02, ChangeTime: 11.05.2013 14:06:59, FileAttributes: A"
"12:27:00,5568341","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,5570375","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,5570781","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\csrss.exe","SUCCESS",""
"12:27:00,5576374","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5576421","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:00,5579197","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5581977","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,5585219","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,5589171","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,5591223","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:00,5592814","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,5593187","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,5593621","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,5600441","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:00,5609305","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5614893","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,5617711","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5618943","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,5624513","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:00,5630969","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:00,5639707","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:00,5640182","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,5640626","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5642128","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5d00000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:00,5643798","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:00,5644577","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:00,5645771","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:00,5647418","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\csrss.exe","SUCCESS","Filter: csrss.exe, 1: csrss.exe"
"12:27:00,5651831","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,5652241","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,5655395","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5656211","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,5659813","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:00,5660984","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:00,5663414","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:00,5674307","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,5678636","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:00,5679028","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:00,5681911","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,5683156","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wininit.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5696792","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wininit.exe","SUCCESS","CreationTime: 14.07.2009 01:52:37, LastAccessTime: 14.07.2009 01:52:37, LastWriteTime: 14.07.2009 03:39:52, ChangeTime: 06.09.2013 09:34:00, FileAttributes: A"
"12:27:00,5699549","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wininit.exe","SUCCESS",""
"12:27:00,5706831","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5709173","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 16.824, Length: 4.096"
"12:27:00,5712369","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,5714785","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:00,5716371","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,5717174","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5722767","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: ANCI"
"12:27:00,5725263","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:00,5732032","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5732060","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 15.880, Length: 4.096"
"12:27:00,5734042","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5736846","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:00,5739710","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,5740839","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,5744506","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,5750901","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,5754862","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5759308","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:00,5762573","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:00,5764957","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5771791","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wininit.exe","SUCCESS","Filter: wininit.exe, 1: wininit.exe"
"12:27:00,5776937","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5777399","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,5781359","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:00,5784601","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:00,5799077","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5803121","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 19.968, Length: 7.040"
"12:27:00,5803896","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:00,5807077","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,5811458","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 15.872, Length: 4.096"
"12:27:00,5814271","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\csrss.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5817140","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 6.656, Length: 4.096"
"12:27:00,5831153","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5835977","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: ANCI"
"12:27:00,5839177","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 19.968, Length: 4.096"
"12:27:00,5839956","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\csrss.exe","SUCCESS","CreationTime: 14.07.2009 01:19:49, LastAccessTime: 14.07.2009 01:19:49, LastWriteTime: 14.07.2009 03:39:02, ChangeTime: 11.05.2013 14:06:59, FileAttributes: A"
"12:27:00,5840381","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:00,5844799","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\csrss.exe","SUCCESS",""
"12:27:00,5845214","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 18.432, Length: 4.096"
"12:27:00,5853583","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5855276","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,5859209","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,5863253","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,5871286","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5874888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 19.968, Length: 4.096"
"12:27:00,5876465","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: DNCI"
"12:27:00,5878102","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:00,5888314","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5896753","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,5899738","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 24.064, Length: 2.944"
"12:27:00,5900965","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5903223","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,5905313","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:00,5906213","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:00,5906964","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:00,5932057","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5939470","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5945549","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,5948679","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,5949467","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\csrss.exe","SUCCESS","Filter: csrss.exe, 1: csrss.exe"
"12:27:00,5955513","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,5961522","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,5967959","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 4.096, Length: 15.872"
"12:27:00,5978008","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,5982757","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,5984394","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:00,5988462","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\services.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6002872","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\services.exe","SUCCESS","CreationTime: 14.07.2009 01:19:46, LastAccessTime: 14.07.2009 01:19:46, LastWriteTime: 14.07.2009 03:39:37, ChangeTime: 11.05.2013 14:07:38, FileAttributes: A"
"12:27:00,6005648","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\services.exe","SUCCESS",""
"12:27:00,6006870","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6009286","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 21.355, Length: 4.096"
"12:27:00,6010915","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:00,6012892","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:00,6013695","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6019312","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,6024098","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,6034916","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6038951","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:00,6040565","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:00,6061418","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6063410","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6067062","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,6067459","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:00,6069078","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:00,6071466","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,6084258","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6086688","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 16.824, Length: 4.096"
"12:27:00,6087490","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6089534","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6090322","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,6090719","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6091540","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6093144","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6094731","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:00,6096345","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6096699","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:00,6098752","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976104, endtime: 976104, seqnum: 0, connid: 0"
"12:27:00,6099951","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:00,6103986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 16.824, Length: 4.096"
"12:27:00,6109990","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,6116791","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:00,6118009","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6122039","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:00,6123672","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:00,6125226","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:00,6131244","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6132093","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:00,6134131","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6135671","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,6138502","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:00,6142463","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6142589","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\services.exe","SUCCESS","Filter: services.exe, 1: services.exe"
"12:27:00,6144119","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:00,6148084","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:00,6149684","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 24.576, Length: 2.432"
"12:27:00,6150109","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,6150183","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,6164976","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6165755","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 16.824, Length: 4.096"
"12:27:00,6170164","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,6171330","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:00,6173770","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:00,6174623","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:00,6179834","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:00,6182503","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:00,6184998","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:00,6186043","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5d00000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:00,6188880","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:00,6189869","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:00,6195079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:00,6195513","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\lsass.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6200220","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 24.576, Length: 2.432"
"12:27:00,6208981","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:27:00,6210796","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\lsass.exe","SUCCESS","CreationTime: 11.05.2013 14:10:27, LastAccessTime: 11.05.2013 14:10:27, LastWriteTime: 17.11.2011 08:33:55, ChangeTime: 11.05.2013 14:55:06, FileAttributes: A"
"12:27:00,6213609","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\lsass.exe","SUCCESS",""
"12:27:00,6219510","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 16.824, Length: 4.096"
"12:27:00,6229950","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 20.920, Length: 4.096"
"12:27:00,6230417","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6233542","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 19.968, Length: 4.096"
"12:27:00,6238832","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,6248899","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6249277","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,6256741","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: ANCI"
"12:27:00,6259620","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:00,6268371","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6269803","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6274422","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:00,6275747","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,6278858","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,6280570","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,6301236","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6306284","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6308812","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:00,6313230","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:00,6313850","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\lsass.exe","SUCCESS","Filter: lsass.exe, 1: lsass.exe"
"12:27:00,6315810","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 19.456, Length: 4.096"
"12:27:00,6319551","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,6345568","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6351604","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:00,6355252","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:00,6364787","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\lsm.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6371248","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6375097","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6376053","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:00,6377873","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6379277","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,6379907","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976104, endtime: 976104, seqnum: 0, connid: 0"
"12:27:00,6382771","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\lsm.exe","SUCCESS","CreationTime: 21.11.2010 05:23:53, LastAccessTime: 21.11.2010 05:23:53, LastWriteTime: 21.11.2010 05:23:53, ChangeTime: 11.05.2013 14:07:12, FileAttributes: A"
"12:27:00,6386848","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\lsm.exe","SUCCESS",""
"12:27:00,6395105","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6397153","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6398735","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6400745","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976104, endtime: 976104, seqnum: 0, connid: 0"
"12:27:00,6400871","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6408876","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,6415725","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\amdxata.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,6416947","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,6421565","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6428833","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: ANCI"
"12:27:00,6431655","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:00,6440566","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6449835","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,6455844","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,6468714","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6473547","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: DNCI"
"12:27:00,6475208","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:00,6476323","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6483549","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\lsm.exe","SUCCESS","Filter: lsm.exe, 1: lsm.exe"
"12:27:00,6489539","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,6498015","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6502069","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:00,6503706","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:00,6527279","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6528156","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6535037","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,6537462","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,6544124","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:00,6548108","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:00,6558567","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6565714","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,6567080","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6570980","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,6571909","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,6573560","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:00,6590265","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6597473","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,6598840","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6603864","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,6604004","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:00,6606392","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:00,6626708","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6630524","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6634336","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:00,6636533","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:00,6638544","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:00,6639966","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,6662209","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6666580","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:00,6668208","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:00,6670452","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6684956","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:00,6687727","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:00,6691496","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6694962","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6697089","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:00,6699524","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:00,6700182","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,6704203","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,6728727","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6735538","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,6737031","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6740712","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,6742135","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6742624","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:00,6744649","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:00,6745722","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976104, endtime: 976104, seqnum: 0, connid: 0"
"12:27:00,6755005","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6759213","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6763407","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,6766024","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:00,6772056","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,6773903","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6775055","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6776334","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6777561","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6778741","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6779907","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,6781526","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976104, endtime: 976105, seqnum: 0, connid: 0"
"12:27:00,6783882","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:00,6786321","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,6804743","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6810388","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:00,6810589","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\atiesrxx.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6815198","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:00,6818006","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:00,6818202","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\atiesrxx.exe","SUCCESS","CreationTime: 29.09.2011 11:50:12, LastAccessTime: 11.05.2013 13:23:48, LastWriteTime: 29.09.2011 11:50:12, ChangeTime: 22.09.2013 09:54:10, FileAttributes: A"
"12:27:00,6822214","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\atiesrxx.exe","SUCCESS",""
"12:27:00,6829585","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:00,6833624","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:00,6834184","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6838887","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:00,6841023","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,6846644","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,6867091","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6874327","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,6880335","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,6901178","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6908083","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\atiesrxx.exe","SUCCESS","Filter: atiesrxx.exe, 1: atiesrxx.exe"
"12:27:00,6914082","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,6955358","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\winlogon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6972669","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\winlogon.exe","SUCCESS","CreationTime: 21.11.2010 05:24:29, LastAccessTime: 21.11.2010 05:24:29, LastWriteTime: 21.11.2010 05:24:29, ChangeTime: 11.05.2013 14:07:46, FileAttributes: A"
"12:27:00,6977013","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\winlogon.exe","SUCCESS",""
"12:27:00,6987919","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,6995486","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,7001163","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,7021969","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7030777","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,7036463","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,7057302","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7064551","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\winlogon.exe","SUCCESS","Filter: winlogon.exe, 1: winlogon.exe"
"12:27:00,7070886","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,7071269","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7074436","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976105, endtime: 976105, seqnum: 0, connid: 0"
"12:27:00,7095112","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7097850","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7099483","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7101106","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7101862","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:00,7102734","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7105090","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976105, endtime: 976105, seqnum: 0, connid: 0"
"12:27:00,7115437","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7118357","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7120788","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7123144","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976105, endtime: 976105, seqnum: 0, connid: 0"
"12:27:00,7135949","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:00,7139924","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:00,7150681","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7150742","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7155850","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: DNCI"
"12:27:00,7157613","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,7157870","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:00,7163235","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,7164662","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7169920","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:00,7173960","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,7183644","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7189946","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7190492","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:00,7194416","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:00,7196067","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,7198003","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:00,7213201","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7216159","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7217643","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:00,7220861","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:00,7222993","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:00,7228223","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,7236508","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7241294","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:00,7244909","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,7259903","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7274364","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:00,7276226","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7277135","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:00,7281418","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: DNCI"
"12:27:00,7283825","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:00,7284375","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7289586","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,7293570","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,7307514","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7308829","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7313975","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: DNCI"
"12:27:00,7315971","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:00,7316065","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:00,7320072","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,7336955","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7341256","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7342161","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:00,7346009","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:00,7346947","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,7347661","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:00,7371289","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7375343","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,7375478","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7378515","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,7390663","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:00,7391479","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7395057","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976105, endtime: 976105, seqnum: 0, connid: 0"
"12:27:00,7395113","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:00,7405917","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7406207","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7411874","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,7413848","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:00,7413941","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7415243","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,7416334","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7417972","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7419917","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7421727","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,7421979","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976105, endtime: 976105, seqnum: 0, connid: 0"
"12:27:00,7440051","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7442393","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7444016","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7446405","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7446465","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976105, endtime: 976105, seqnum: 0, connid: 0"
"12:27:00,7447916","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7453262","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,7453547","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:00,7455987","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:00,7458496","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,7474903","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7480114","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:00,7480856","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7484149","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,7485264","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:00,7487247","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:00,7510502","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7513460","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7514537","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:00,7516156","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:00,7527459","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:00,7529908","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:00,7538305","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7539849","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7544221","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:00,7544356","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,7545858","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:00,7548774","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,7574347","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7578830","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7583201","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,7584097","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:00,7586098","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:00,7588785","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,7593320","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7598143","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,7605355","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7607259","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7610981","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:00,7612871","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:00,7613332","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,7617270","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,7632039","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7640455","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:27:00,7643664","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:27:00,7653475","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:27:00,7657566","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM\stacsv64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7659530","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:27:00,7663570","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:27:00,7665916","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\IDT\WDM\stacsv64.exe","SUCCESS","CreationTime: 22.07.2013 21:33:32, LastAccessTime: 22.07.2013 21:33:32, LastWriteTime: 16.05.2013 03:14:56, ChangeTime: 22.07.2013 21:33:32, FileAttributes: N"
"12:27:00,7666346","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:00,7670334","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM\stacsv64.exe","SUCCESS",""
"12:27:00,7675186","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7681577","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:00,7685206","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:00,7690795","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7697284","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT","SUCCESS","Filter: IDT, 1: IDT"
"12:27:00,7702037","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:00,7702900","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:00,7716116","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:00,7721327","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7721588","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:00,7726356","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:00,7728567","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM","SUCCESS","Filter: WDM, 1: WDM"
"12:27:00,7729589","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:00,7732430","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:00,7733368","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT","SUCCESS",""
"12:27:00,7734842","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:00,7737254","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:00,7740057","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:00,7740426","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7743994","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976105, endtime: 976105, seqnum: 0, connid: 0"
"12:27:00,7752205","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7761847","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM\STacSV64.exe","SUCCESS","Filter: STacSV64.exe, 1: stacsv64.exe"
"12:27:00,7764315","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7765290","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7768075","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7769699","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7771098","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM","SUCCESS",""
"12:27:00,7771299","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7772880","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,7774919","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976105, endtime: 976106, seqnum: 0, connid: 0"
"12:27:00,7780535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:00,7784944","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:00,7785788","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:00,7787794","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:00,7795846","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7801061","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:00,7803137","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:00,7805055","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,7811198","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7821475","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7829229","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,7829686","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:00,7831323","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:00,7833646","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:00,7836847","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.718.258, Length: 16.200"
"12:27:00,7836982","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:00,7844124","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7851313","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,7854965","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7856934","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,7856957","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,7859840","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:00,7862122","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\fileinfo.sys","NO SUCH FILE","Filter: fileinfo.sys"
"12:27:00,7863470","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:00,7864967","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:00,7878668","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7882144","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7882190","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,7883464","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:00,7886207","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Filter: fileinfo.sys, 1: fileinfo.sys"
"12:27:00,7887107","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,7888973","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,7889855","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:00,7893806","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,7910278","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7911557","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7915620","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:00,7917113","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:00,7917602","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:00,7917896","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,7923056","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,7925953","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:00,7928789","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,7937606","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,7940876","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7942416","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,7945289","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:00,7946026","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:00,7947678","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:00,7956760","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\hpservice.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7962396","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\hpservice.exe","SUCCESS","CreationTime: 25.04.2012 14:02:52, LastAccessTime: 11.05.2013 13:48:04, LastWriteTime: 25.04.2012 14:02:52, ChangeTime: 11.05.2013 13:48:05, FileAttributes: A"
"12:27:00,7964864","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\hpservice.exe","SUCCESS",""
"12:27:00,7971339","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7972822","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,7974077","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,7975383","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,7977688","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:00,7977786","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,7978051","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,7979339","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:00,7982087","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,7985758","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,7989364","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,7992956","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:00,7997733","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8000248","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8002944","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,8004633","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,8006275","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:00,8007366","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,8007422","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,8011411","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:00,8015437","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,8029576","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8033947","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:00,8035585","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:00,8044280","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 54.204, Length: 4.096"
"12:27:00,8047901","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8049897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:00,8055887","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS","CreationTime: 16.12.2012 13:25:38, LastAccessTime: 13.05.2013 10:47:49, LastWriteTime: 16.12.2012 13:25:38, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:00,8056862","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8059890","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS",""
"12:27:00,8061252","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:00,8063211","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:00,8067918","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 52.232, Length: 4.096"
"12:27:00,8072770","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,8075956","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,8078414","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976106, endtime: 976106, seqnum: 0, connid: 0"
"12:27:00,8082006","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8089596","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS","Filter: SbieSvc.exe, 1: SbieSvc.exe"
"12:27:00,8091668","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,8095567","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie","SUCCESS",""
"12:27:00,8100461","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8101609","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,8104076","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,8106017","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,8107626","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,8108895","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,8111303","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,8111550","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:00,8113290","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976106, endtime: 976106, seqnum: 0, connid: 0"
"12:27:00,8113971","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:00,8142040","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8142633","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 62.976, Length: 7.248"
"12:27:00,8146514","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:00,8148483","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:00,8148996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 54.272, Length: 4.096"
"12:27:00,8154267","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 9.216, Length: 4.096"
"12:27:00,8160630","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8165836","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 58.368, Length: 4.096"
"12:27:00,8167478","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe","SUCCESS","CreationTime: 03.08.2013 09:34:58, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 03.08.2013 09:34:58, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:00,8170282","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe","SUCCESS",""
"12:27:00,8171350","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8175717","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:00,8177354","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:00,8183372","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8186712","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8188163","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,8192338","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:00,8194997","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8196709","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:00,8197572","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 62.976, Length: 4.096"
"12:27:00,8200605","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:00,8201580","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 58.880, Length: 4.096"
"12:27:00,8202629","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,8212001","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,8217478","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8217996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 52.224, Length: 4.096"
"12:27:00,8223123","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:27:00,8226267","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:27:00,8228030","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\atieclxx.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8234071","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:27:00,8234864","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\atieclxx.exe","SUCCESS","CreationTime: 29.09.2011 11:50:36, LastAccessTime: 11.05.2013 13:23:48, LastWriteTime: 29.09.2011 11:50:36, ChangeTime: 22.09.2013 09:54:10, FileAttributes: A"
"12:27:00,8236511","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 62.976, Length: 4.096"
"12:27:00,8238858","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\atieclxx.exe","SUCCESS",""
"12:27:00,8239254","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:00,8248547","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8260993","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,8264193","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 67.072, Length: 3.152"
"12:27:00,8267365","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,8268774","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:27:00,8271750","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:00,8293844","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8301882","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,8307886","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,8324708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,8331187","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 4.096, Length: 57.736"
"12:27:00,8334812","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 61.832, Length: 4.096"
"12:27:00,8340242","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8349493","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\atieclxx.exe","SUCCESS","Filter: atieclxx.exe, 1: atieclxx.exe"
"12:27:00,8357451","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,8361486","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:00,8386412","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8391193","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: DNCI"
"12:27:00,8393180","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:00,8398424","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,8399264","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8402408","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8402445","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976106, endtime: 976106, seqnum: 0, connid: 0"
"12:27:00,8404055","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:00,8408057","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,8416118","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,8418899","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:00,8420974","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976106, endtime: 976106, seqnum: 0, connid: 0"
"12:27:00,8422038","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:00,8429269","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8429731","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:00,8434088","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:00,8437372","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:00,8443758","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8451390","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8452146","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,8458392","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:00,8458570","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,8464018","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:00,8479334","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 54.204, Length: 4.096"
"12:27:00,8480229","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8482156","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,8482506","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8488104","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:00,8489130","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,8489382","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 13.824, Length: 4.096"
"12:27:00,8491327","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,8492606","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 54.204, Length: 4.096"
"12:27:00,8497560","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,8518048","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8519784","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:00,8524500","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:00,8532976","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,8541196","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 62.976, Length: 4.096"
"12:27:00,8549892","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8554739","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: DNCI"
"12:27:00,8556731","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:00,8570310","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wlanext.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8581171","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8585173","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wlanext.exe","SUCCESS","CreationTime: 14.07.2009 02:07:15, LastAccessTime: 14.07.2009 02:07:15, LastWriteTime: 14.07.2009 03:39:54, ChangeTime: 11.05.2013 14:07:46, FileAttributes: A"
"12:27:00,8586405","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:00,8588397","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wlanext.exe","SUCCESS",""
"12:27:00,8588779","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:00,8596770","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8603208","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,8607616","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,8612855","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8617250","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,8618887","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,8623216","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8629057","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 62.464, Length: 4.096"
"12:27:00,8630522","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,8636138","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,8644964","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8650147","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,8651817","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:00,8652984","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8658563","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\WLANExt.exe","SUCCESS","Filter: WLANExt.exe, 1: wlanext.exe"
"12:27:00,8662593","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,8675879","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8680288","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:00,8681921","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:00,8691885","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\conhost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8703538","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8705530","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\conhost.exe","SUCCESS","CreationTime: 12.09.2013 20:28:20, LastAccessTime: 12.09.2013 20:28:20, LastWriteTime: 02.08.2013 03:09:17, ChangeTime: 12.09.2013 21:03:53, FileAttributes: A"
"12:27:00,8707578","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:00,8708292","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\conhost.exe","SUCCESS",""
"12:27:00,8709206","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:00,8715532","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8720738","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,8725202","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,8732046","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8736058","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:00,8737677","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:00,8740821","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8747212","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,8750440","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fileinfo.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,8752432","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,8768913","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8769683","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8774885","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:00,8775682","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\conhost.exe","SUCCESS","Filter: conhost.exe, 1: conhost.exe"
"12:27:00,8776933","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:00,8779736","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,8802982","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8807773","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:00,8808636","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\spoolsv.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8809434","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:00,8815797","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8820256","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,8821866","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\spoolsv.exe","SUCCESS","CreationTime: 11.05.2013 14:07:36, LastAccessTime: 11.05.2013 14:07:36, LastWriteTime: 11.02.2012 08:36:02, ChangeTime: 11.05.2013 14:55:02, FileAttributes: A"
"12:27:00,8825444","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\spoolsv.exe","SUCCESS",""
"12:27:00,8829461","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8831494","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:00,8835124","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8835520","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:00,8837839","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:00,8839915","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:00,8840703","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,8841953","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,8843950","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:00,8846791","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:00,8847108","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,8849207","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:00,8851577","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:00,8853989","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:00,8856429","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:00,8858771","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:00,8860459","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:00,8861117","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:27:00,8862792","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:00,8862815","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8864845","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:00,8868026","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:00,8868371","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:00,8870797","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:00,8873195","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,8873274","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:00,8876078","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:00,8879642","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:00,8882861","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:00,8885688","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:00,8888454","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8893637","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\spoolsv.exe","SUCCESS","Filter: spoolsv.exe, 1: spoolsv.exe"
"12:27:00,8897322","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,8933765","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8952691","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:00,8956684","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:00,8964680","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:00,8968324","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,8969471","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:00,8976725","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,8979977","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:00,8982375","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,8982780","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:00,8985211","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:00,8994406","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:00,8996859","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:00, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:00,8999621","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:27:00,9003554","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9010798","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,9016434","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,9026104","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:00,9037701","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9043295","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:00,9047358","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,9067408","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9072624","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: ANCI"
"12:27:00,9074275","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:00,9083036","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9084197","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9089068","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:00,9092287","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:46:52, ChangeTime: 05.08.2013 09:19:04, FileAttributes: ANCI"
"12:27:00,9093546","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,9096634","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS",""
"12:27:00,9111950","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9117156","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:00,9120431","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:00,9137682","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9140812","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9143219","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:00,9146881","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:00,9149591","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS","CreationTime: 10.05.2013 00:57:24, LastAccessTime: 30.06.2013 18:43:15, LastWriteTime: 10.05.2013 00:57:24, ChangeTime: 30.06.2013 18:43:15, FileAttributes: A"
"12:27:00,9153986","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS",""
"12:27:00,9161734","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9166521","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:00,9169707","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,9177717","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9185274","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe","SUCCESS","Filter: Adobe, 1: Adobe"
"12:27:00,9190942","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files","SUCCESS",""
"12:27:00,9193783","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9198233","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, FileAttributes: ANCI"
"12:27:00,9199866","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:00,9212592","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9219860","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe\ARM","SUCCESS","Filter: ARM, 1: ARM"
"12:27:00,9223116","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9229475","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:00, FileAttributes: DNCI"
"12:27:00,9231924","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:00,9233426","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe","SUCCESS",""
"12:27:00,9261710","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9262354","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe\ARM","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9270518","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:00,9273391","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:00,9273946","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0","SUCCESS","Filter: 1.0, 1: 1.0"
"12:27:00,9279614","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe\ARM","SUCCESS",""
"12:27:00,9299254","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9304894","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS","Filter: armsvc.exe, 1: armsvc.exe"
"12:27:00,9305076","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9309288","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0","SUCCESS",""
"12:27:00,9309867","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,9311849","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,9337129","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9341547","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,9343194","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:00,9364615","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Intel\iCLS Client\HeciServer.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9366477","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9370223","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Intel\iCLS Client\HeciServer.exe","SUCCESS","CreationTime: 13.02.2013 12:46:48, LastAccessTime: 11.05.2013 13:22:57, LastWriteTime: 13.02.2013 12:46:48, ChangeTime: 15.05.2013 16:19:51, FileAttributes: ANCI"
"12:27:00,9370852","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:00,9372816","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:00,9373059","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Intel\iCLS Client\HeciServer.exe","SUCCESS",""
"12:27:00,9391975","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9395749","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9398758","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:00,9400125","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:00,9401772","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:00,9404356","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:00,9432608","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9438611","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:00,9441070","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:00,9465766","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9471948","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9472610","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe","SUCCESS","CreationTime: 03.08.2013 09:35:05, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 03.08.2013 09:35:05, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:00,9476561","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe","SUCCESS",""
"12:27:00,9477961","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:00,9480736","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:00,9497050","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9503478","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:00,9508269","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:00,9514045","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9519745","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:00,9520081","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:00,9522857","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:00,9524965","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:00,9529355","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:00,9532998","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:00,9534515","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9535023","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:00,9537402","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:00,9539814","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:00,9540374","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9540990","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,9546023","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS","CreationTime: 25.07.2012 10:46:42, LastAccessTime: 15.06.2013 07:13:50, LastWriteTime: 25.07.2012 10:46:42, ChangeTime: 15.06.2013 07:13:50, FileAttributes: ANCI"
"12:27:00,9548444","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS",""
"12:27:00,9551747","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9562211","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:00,9565280","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9566652","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,9572511","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Secunia","SUCCESS","Filter: Secunia, 1: Secunia"
"12:27:00,9576709","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:00,9578463","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:00,9583138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:00,9589174","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9597609","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:00,9599349","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Secunia","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9601966","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:00,9604434","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:00,9606551","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Secunia\PSI","SUCCESS","Filter: PSI, 1: PSI"
"12:27:00,9613194","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:00,9616861","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:27:00,9617262","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:00,9618624","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Secunia","SUCCESS",""
"12:27:00,9621265","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:00,9624862","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:26:58, LastWriteTime: 06.10.2013 12:26:58, ChangeTime: 06.10.2013 12:26:58, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:00,9645299","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,9647328","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Secunia\PSI","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9651270","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.211.982, Length: 16.200"
"12:27:00,9653710","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS","Filter: sua.exe, 1: sua.exe"
"12:27:00,9658100","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Secunia\PSI","SUCCESS",""
"12:27:00,9661333","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:00,9669706","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,9673769","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\PxHlpa64.sys","NO SUCH FILE","Filter: PxHlpa64.sys"
"12:27:00,9676923","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:00,9700327","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,9700873","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9704162","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\taskhost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9705972","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Filter: PxHlpa64.sys, 1: PxHlpa64.sys"
"12:27:00,9706485","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:00, FileAttributes: ANCI"
"12:27:00,9708169","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:00,9712022","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:00,9714980","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9720130","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:00,9722234","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\taskhost.exe","SUCCESS","CreationTime: 11.05.2013 14:09:45, LastAccessTime: 11.05.2013 14:09:45, LastWriteTime: 23.11.2012 05:13:57, ChangeTime: 11.05.2013 14:55:03, FileAttributes: A"
"12:27:00,9724217","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:00,9731895","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\taskhost.exe","SUCCESS",""
"12:27:00,9744682","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9745540","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9748060","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,9752258","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:00,9753942","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,9755771","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:00,9757166","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:00,9758892","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,9761975","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:00,9767345","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,9772210","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,9776815","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9776983","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:00,9782011","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:00,9785603","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:00,9786107","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9794476","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:00,9800042","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9800084","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,9805290","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:00,9808504","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,9817647","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,9819406","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9821645","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:00,9824043","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:00,9825816","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\taskhost.exe","SUCCESS","Filter: taskhost.exe, 1: taskhost.exe"
"12:27:00,9830579","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:00,9834073","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,9836946","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9839629","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:00,9842591","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:00, FileAttributes: ANCI"
"12:27:00,9844462","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:00,9844569","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:00,9863710","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:00,9868594","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:00,9869116","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9871393","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9873357","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:00,9873865","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:00, FileAttributes: DNCI"
"12:27:00,9876655","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:00,9878610","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS","CreationTime: 03.08.2013 09:35:27, LastAccessTime: 03.08.2013 09:36:29, LastWriteTime: 03.08.2013 09:35:27, ChangeTime: 03.08.2013 09:36:29, FileAttributes: A"
"12:27:00,9882603","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS",""
"12:27:00,9901193","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9903483","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9905587","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:00,9906203","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 32.112, Length: 4.096"
"12:27:00,9907957","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:00,9911092","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:00,9916723","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:00,9925269","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:00,9941167","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9946728","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,9946789","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9948729","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:00,9954043","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS","Filter: ALsvc.exe, 1: ALsvc.exe"
"12:27:00,9958815","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS",""
"12:27:00,9962598","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:00,9977438","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:00,9983059","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:00,9985816","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:00,9988536","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\dwm.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0002549","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\dwm.exe","SUCCESS","CreationTime: 14.07.2009 01:37:38, LastAccessTime: 14.07.2009 01:37:38, LastWriteTime: 14.07.2009 03:39:08, ChangeTime: 11.05.2013 14:07:03, FileAttributes: A"
"12:27:01,0004998","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\dwm.exe","SUCCESS",""
"12:27:01,0012579","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0013059","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 49.568, Length: 6.640"
"12:27:01,0015485","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0017804","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,0021153","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 46.752, Length: 4.096"
"12:27:01,0021512","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:01,0021825","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:01,0024311","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:01,0027540","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 38.560, Length: 4.096"
"12:27:01,0038689","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0044320","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:01,0048327","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,0053183","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0058455","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:01,0061207","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:01,0062093","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 49.568, Length: 4.096"
"12:27:01,0063162","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0068358","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\Dwm.exe","SUCCESS","Filter: Dwm.exe, 1: dwm.exe"
"12:27:01,0072352","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:01,0074045","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,0078925","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 31.456, Length: 4.096"
"12:27:01,0090111","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0091772","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 49.568, Length: 4.096"
"12:27:01,0095397","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:01,0098149","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:01,0102842","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\explorer.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0109298","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\explorer.exe","SUCCESS","CreationTime: 11.05.2013 14:10:50, LastAccessTime: 11.05.2013 17:21:33, LastWriteTime: 25.02.2011 08:19:30, ChangeTime: 12.05.2013 08:15:45, FileAttributes: A"
"12:27:01,0111738","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\explorer.exe","SUCCESS",""
"12:27:01,0117859","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 53.664, Length: 2.544"
"12:27:01,0119333","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0125015","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,0125425","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:01,0127487","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0133454","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:01,0133906","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:01,0136243","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:01,0158584","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0164369","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0167014","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\Explorer.EXE","SUCCESS","Filter: Explorer.EXE, 1: explorer.exe"
"12:27:01,0169589","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:01,0171558","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:01,0172700","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,0173027","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,0177617","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0178317","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 4.096, Length: 45.472"
"12:27:01,0182044","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:01,0189196","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0194486","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:01,0196497","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:01,0212889","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0220521","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:00, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:01,0225378","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:01,0228937","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:01,0229208","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0234843","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe","SUCCESS","CreationTime: 12.11.2012 18:00:09, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 12.11.2012 18:00:09, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:01,0235804","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:01,0237609","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe","SUCCESS",""
"12:27:01,0239368","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:00, FileAttributes: ANCI"
"12:27:01,0240128","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 52.806, Length: 3.402"
"12:27:01,0253783","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:27:01,0254501","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0260435","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:01,0264475","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:01,0304589","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0310197","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe","SUCCESS","CreationTime: 11.02.2012 08:55:04, LastAccessTime: 10.08.2013 18:00:11, LastWriteTime: 11.02.2012 08:55:04, ChangeTime: 10.08.2013 18:00:11, FileAttributes: ANCI"
"12:27:01,0310752","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 32.112, Length: 4.096"
"12:27:01,0312627","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe","SUCCESS",""
"12:27:01,0314353","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,0323553","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 42.112, Length: 4.096"
"12:27:01,0328721","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft SQL Server","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0329584","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 32.112, Length: 4.096"
"12:27:01,0334315","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Microsoft SQL Server\90","SUCCESS","Filter: 90, 1: 90"
"12:27:01,0338317","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft SQL Server","SUCCESS",""
"12:27:01,0344069","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:01,0353166","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft SQL Server\90","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0358344","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Microsoft SQL Server\90\Shared","SUCCESS","Filter: Shared, 1: Shared"
"12:27:01,0361973","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft SQL Server\90","SUCCESS",""
"12:27:01,0368966","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0372152","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 49.568, Length: 4.096"
"12:27:01,0373767","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:00, FileAttributes: DNCI"
"12:27:01,0375749","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:01,0382220","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0387029","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:01,0391050","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:01,0391648","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0394512","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 44.160, Length: 4.096"
"12:27:01,0403669","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 33.504, Length: 4.096"
"12:27:01,0405843","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0406081","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:01,0408521","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:01,0411110","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:01,0414487","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 49.568, Length: 4.096"
"12:27:01,0415770","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0415878","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:01,0420962","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,0426169","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:01,0433572","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0439562","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:01,0441031","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0443965","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:01,0446256","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:01,0453547","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,0460965","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0466120","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:01,0469348","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:01,0478458","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0479503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 35.552, Length: 4.096"
"12:27:01,0484332","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 40.608, Length: 4.096"
"12:27:01,0486888","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:01,0493317","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:01,0493839","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:01,0516693","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0520742","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:00, FileAttributes: DNCI"
"12:27:01,0522711","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:01,0545630","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0549992","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:01,0551615","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:01,0567943","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0574068","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0575906","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe","SUCCESS","CreationTime: 03.08.2013 09:35:07, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 03.08.2013 09:35:07, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:01,0579652","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:01,0579950","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe","SUCCESS",""
"12:27:01,0582119","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:01,0602366","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0607334","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0609657","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:01,0611761","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:01,0613389","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:01,0614751","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PxHlpa64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,0616962","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:01,0639858","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0645503","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:01,0648264","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:01,0655943","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0661980","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS","CreationTime: 14.09.2012 15:09:22, LastAccessTime: 18.11.2012 10:45:57, LastWriteTime: 14.09.2012 15:09:22, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:01,0664760","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS",""
"12:27:01,0676744","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0681153","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0682011","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:01,0684759","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:01,0686433","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Synaptics\SynTP","SUCCESS","Filter: SynTP, 1: SynTP"
"12:27:01,0690800","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics","SUCCESS",""
"12:27:01,0706040","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics\SynTP","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0711265","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS","Filter: SynTPEnh.exe, 1: SynTPEnh.exe"
"12:27:01,0712907","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0715315","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics\SynTP","SUCCESS",""
"12:27:01,0717670","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:01,0719312","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:01,0747027","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0752597","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:01,0755056","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:01,0756245","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0761825","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe","SUCCESS","CreationTime: 19.08.2009 16:31:40, LastAccessTime: 11.05.2013 13:45:36, LastWriteTime: 19.08.2009 16:31:40, ChangeTime: 15.05.2013 16:19:50, FileAttributes: ANCI"
"12:27:01,0764236","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe","SUCCESS",""
"12:27:01,0784734","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0789917","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:01,0793094","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0794181","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:01,0798725","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS","CreationTime: 22.07.2013 21:33:32, LastAccessTime: 22.07.2013 21:33:32, LastWriteTime: 16.05.2013 03:14:56, ChangeTime: 22.07.2013 21:33:32, FileAttributes: N"
"12:27:01,0801174","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS",""
"12:27:01,0803824","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0809893","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:01,0817884","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0822470","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0823920","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:01,0826738","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:01,0832863","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT","SUCCESS","Filter: IDT, 1: IDT"
"12:27:01,0835886","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:00, FileAttributes: ANCI"
"12:27:01,0839264","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:01,0851150","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0858950","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0864949","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM","SUCCESS","Filter: WDM, 1: WDM"
"12:27:01,0869353","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT","SUCCESS",""
"12:27:01,0885414","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0891064","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS","Filter: sttray64.exe, 1: sttray64.exe"
"12:27:01,0895458","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM","SUCCESS",""
"12:27:01,0898196","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:01,0935162","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0941963","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:49:08, ChangeTime: 05.08.2013 09:19:04, FileAttributes: ANCI"
"12:27:01,0944846","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS",""
"12:27:01,0945192","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:01,0947193","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:01, LastWriteTime: 06.10.2013 12:27:01, ChangeTime: 06.10.2013 12:27:01, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:27:01,0963576","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:01,0970812","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:00, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:01,0977264","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\igfxpers.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0982563","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\igfxpers.exe","SUCCESS","CreationTime: 09.08.2011 09:03:00, LastAccessTime: 11.05.2013 13:23:49, LastWriteTime: 09.08.2011 09:03:00, ChangeTime: 22.09.2013 09:54:27, FileAttributes: A"
"12:27:01,0984881","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:27:01,0985329","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\igfxpers.exe","SUCCESS",""
"12:27:01,0992574","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,0997762","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,1001769","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:01,1016193","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1021413","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:01,1027090","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,1045074","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1050303","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\igfxpers.exe","SUCCESS","Filter: igfxpers.exe, 1: igfxpers.exe"
"12:27:01,1054749","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:01,1087232","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1104851","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","CreationTime: 21.11.2010 05:24:15, LastAccessTime: 21.11.2010 05:24:15, LastWriteTime: 21.11.2010 05:24:15, ChangeTime: 11.05.2013 14:09:02, FileAttributes: A"
"12:27:01,1108541","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS",""
"12:27:01,1119775","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1127756","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,1133742","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:01,1153852","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1159852","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:01,1163882","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,1179496","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1184730","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem","SUCCESS","Filter: wbem, 1: wbem"
"12:27:01,1188779","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:01,1204025","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1210024","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem\wmiprvse.exe","SUCCESS","Filter: wmiprvse.exe, 1: WmiPrvSE.exe"
"12:27:01,1215626","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem","SUCCESS",""
"12:27:01,1218038","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.057.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1222824","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.057.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1225642","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.057.979, Length: 8.760"
"12:27:01,1230419","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.066.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1254962","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1260149","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,1265318","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,1269362","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:01,1272927","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:01,1273015","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:01,1275744","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:01,1276990","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:01,1278193","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:01,1282154","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:01,1288228","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1295874","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,1299433","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.066.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1301882","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:01,1323141","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1325916","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:01,1327913","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.066.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1332802","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:01,1333189","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,1338792","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,1339725","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.066.739, Length: 2.920"
"12:27:01,1344086","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.069.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1354517","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:01,1359691","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1366460","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:01,1367244","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:01,1370476","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,1373275","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:01,1373691","svchost.exe","948","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","REPARSE","Desired Access: Read"
"12:27:01,1379755","svchost.exe","948","RegOpenKey","HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","NAME NOT FOUND","Desired Access: Read"
"12:27:01,1385717","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,1387065","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:27:01,1392892","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.684.698, Length: 16.200"
"12:27:01,1395835","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.069.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1400500","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.069.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1402907","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.069.659, Length: 2.920"
"12:27:01,1405767","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.072.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1413021","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1416221","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,1421031","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS","CreationTime: 16.09.2011 14:39:24, LastAccessTime: 11.05.2013 13:36:02, LastWriteTime: 16.09.2011 14:39:24, ChangeTime: 11.05.2013 13:36:02, FileAttributes: A"
"12:27:01,1421833","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\Ntfs.sys","NO SUCH FILE","Filter: Ntfs.sys"
"12:27:01,1425430","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS",""
"12:27:01,1425827","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:01,1438431","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.072.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1441646","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.072.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1444062","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.072.579, Length: 1.460"
"12:27:01,1447673","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.074.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1448284","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,1453107","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\Ntfs.sys","SUCCESS","Filter: Ntfs.sys, 1: ntfs.sys"
"12:27:01,1455925","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1457558","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:01,1463184","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS","Filter: nusb3mon.exe, 1: nusb3mon.exe"
"12:27:01,1468810","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application","SUCCESS",""
"12:27:01,1479050","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.074.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1483043","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.074.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1485035","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.074.039, Length: 1.460"
"12:27:01,1489499","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.075.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1490824","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,1497201","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:01,1499286","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,1508462","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,1508864","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1511579","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.075.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1513706","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,1516477","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.075.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1516542","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS","CreationTime: 03.08.2013 09:35:27, LastAccessTime: 03.08.2013 09:36:30, LastWriteTime: 03.08.2013 09:35:27, ChangeTime: 03.08.2013 09:36:30, FileAttributes: A"
"12:27:01,1518525","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:01,1519276","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.075.499, Length: 7.300"
"12:27:01,1520563","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS",""
"12:27:01,1522887","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.082.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1541001","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1545778","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.082.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1547826","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:01,1548633","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.082.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1551035","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.082.799, Length: 1.460"
"12:27:01,1553414","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:01,1554268","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.084.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1555047","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,1559824","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:01,1562231","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:01,1570628","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,1575093","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,1578255","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1578923","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.084.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1579506","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:01,1582137","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.084.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1584553","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.084.259, Length: 7.300"
"12:27:01,1585122","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS","Filter: ALMon.exe, 1: ALMon.exe"
"12:27:01,1590361","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS",""
"12:27:01,1590982","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.091.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1598357","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,1603535","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:01,1608359","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,1608816","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.091.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1611619","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.091.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1614003","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.091.559, Length: 2.920"
"12:27:01,1617553","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.094.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1622433","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1629654","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS","CreationTime: 05.11.2012 16:14:34, LastAccessTime: 11.05.2013 13:47:14, LastWriteTime: 05.11.2012 16:14:34, ChangeTime: 11.05.2013 13:47:14, FileAttributes: A"
"12:27:01,1633237","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS",""
"12:27:01,1639250","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.505.388, Length: 4.096"
"12:27:01,1644051","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.503.232, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,1650092","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.094.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1651724","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Hewlett-Packard","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1652942","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.094.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1655279","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.094.479, Length: 1.460"
"12:27:01,1657766","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Hewlett-Packard\Shared","SUCCESS","Filter: Shared, 1: Shared"
"12:27:01,1658158","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.095.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1659053","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:01,1662188","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Hewlett-Packard","SUCCESS",""
"12:27:01,1676999","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Hewlett-Packard\Shared","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1681856","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS","Filter: hpqWmiEx.exe, 1: hpqWmiEx.exe"
"12:27:01,1685541","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.095.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1687048","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Hewlett-Packard\Shared","SUCCESS",""
"12:27:01,1688765","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.095.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1691162","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.095.939, Length: 5.840"
"12:27:01,1695184","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,1695520","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.101.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1710368","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.570.830, Length: 4.096"
"12:27:01,1713587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.568.768, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,1715528","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1716820","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.101.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1722031","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.101.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1724830","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.101.779, Length: 4.380"
"12:27:01,1728016","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.106.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1731160","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","CreationTime: 21.11.2010 05:24:15, LastAccessTime: 21.11.2010 05:24:15, LastWriteTime: 21.11.2010 05:24:15, ChangeTime: 11.05.2013 14:09:02, FileAttributes: A"
"12:27:01,1731678","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:27:01,1733954","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS",""
"12:27:01,1741278","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.570.830, Length: 4.096"
"12:27:01,1742016","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1748439","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,1753268","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:01,1756379","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.106.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1760027","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.106.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1762537","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,1762821","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.106.159, Length: 1.460"
"12:27:01,1766437","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.107.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1768210","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.649.664, Length: 7.016"
"12:27:01,1769712","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1771788","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.646.592, Length: 10.088, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,1775277","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:01,1779256","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,1785386","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.513.472, Length: 4.096"
"12:27:01,1788208","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.511.424, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,1794128","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1794282","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.107.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1796661","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.107.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1800239","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.107.619, Length: 2.920"
"12:27:01,1800580","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem","SUCCESS","Filter: wbem, 1: wbem"
"12:27:01,1800911","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.517.568, Length: 4.096"
"12:27:01,1804312","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","END OF FILE","Offset: 407.109.632, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:01,1804965","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:01,1806472","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.519.616, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,1809122","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.110.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1819343","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 273.920, Length: 4.096"
"12:27:01,1820630","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1824176","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 270.336, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,1826648","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem\wmiprvse.exe","SUCCESS","Filter: wmiprvse.exe, 1: WmiPrvSE.exe"
"12:27:01,1828355","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.110.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1831472","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem","SUCCESS",""
"12:27:01,1831574","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.110.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1834383","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.110.539, Length: 4.380"
"12:27:01,1837154","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.114.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1846026","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.519.616, Length: 4.096"
"12:27:01,1863021","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.114.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1866613","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.114.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1867947","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics\SynTP\SynTPHelper.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1868675","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.114.919, Length: 2.920"
"12:27:01,1871497","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.117.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1874814","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Synaptics\SynTP\SynTPHelper.exe","SUCCESS","CreationTime: 14.09.2012 15:09:22, LastAccessTime: 18.11.2012 10:45:57, LastWriteTime: 14.09.2012 15:09:22, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:01,1878369","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics\SynTP\SynTPHelper.exe","SUCCESS",""
"12:27:01,1881345","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.515.520, Length: 4.096"
"12:27:01,1886579","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.523.712, Length: 4.096"
"12:27:01,1890997","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.523.712, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,1896842","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.117.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1898050","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1900374","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.117.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1902459","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.117.839, Length: 2.920"
"12:27:01,1904871","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Synaptics\SYNTP","SUCCESS","Filter: SYNTP, 1: SynTP"
"12:27:01,1905617","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.120.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1910081","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics","SUCCESS",""
"12:27:01,1916039","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 275.968, Length: 4.096"
"12:27:01,1922481","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 278.528, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,1932931","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.120.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1935734","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.120.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1937773","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.120.759, Length: 5.840"
"12:27:01,1940782","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.525.760, Length: 4.096"
"12:27:01,1941332","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.126.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1946128","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.527.808, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,1969094","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1974696","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe","SUCCESS","CreationTime: 23.04.2013 18:59:50, LastAccessTime: 22.07.2013 21:33:15, LastWriteTime: 23.04.2013 18:59:50, ChangeTime: 22.07.2013 21:33:15, FileAttributes: ANCI"
"12:27:01,1975671","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.126.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1977127","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe","SUCCESS",""
"12:27:01,1979254","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.126.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1981699","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.126.599, Length: 1.460"
"12:27:01,1984894","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.128.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,1988901","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.529.856, Length: 4.096"
"12:27:01,1992358","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,1992876","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.531.904, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,1997602","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:01,2001595","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:01,2010192","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.128.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,2013043","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.128.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,2015030","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.128.059, Length: 2.920"
"12:27:01,2017843","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.130.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,2020745","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.649.664, Length: 4.096"
"12:27:01,2026781","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.530.368, Length: 4.096"
"12:27:01,2031623","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.643.008, Length: 4.096"
"12:27:01,2035257","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.642.496, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,2049266","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2054850","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,2055298","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe","SUCCESS","CreationTime: 23.04.2013 18:59:48, LastAccessTime: 22.07.2013 21:33:16, LastWriteTime: 23.04.2013 18:59:48, ChangeTime: 22.07.2013 21:33:16, FileAttributes: ANCI"
"12:27:01,2057719","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe","SUCCESS",""
"12:27:01,2060551","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.505.280, Length: 4.096"
"12:27:01,2072951","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2077835","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:01,2082630","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:01,2087823","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.649.664, Length: 4.096"
"12:27:01,2117455","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.653.760, Length: 2.920"
"12:27:01,2118294","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2125059","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:01,2125171","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS","CreationTime: 11.05.2013 13:36:13, LastAccessTime: 11.05.2013 13:36:13, LastWriteTime: 24.07.2012 20:00:08, ChangeTime: 11.05.2013 13:36:13, FileAttributes: ANCI"
"12:27:01,2128371","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS",""
"12:27:01,2144414","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2150422","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Realtek","SUCCESS","Filter: Realtek, 1: Realtek"
"12:27:01,2154467","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:01,2171657","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,2176444","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2177227","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 4.096, Length: 57.752"
"12:27:01,2180092","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 61.848, Length: 61.440"
"12:27:01,2181319","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS","Filter: RIconMan.exe, 1: RIconMan.exe"
"12:27:01,2183646","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 123.288, Length: 61.440"
"12:27:01,2185685","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader","SUCCESS",""
"12:27:01,2212817","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 184.728, Length: 61.440"
"12:27:01,2218060","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 246.168, Length: 61.440"
"12:27:01,2230623","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2236687","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe","SUCCESS","CreationTime: 11.05.2013 13:23:00, LastAccessTime: 11.05.2013 13:23:00, LastWriteTime: 12.03.2013 13:20:32, ChangeTime: 11.05.2013 09:36:10, FileAttributes: A"
"12:27:01,2239113","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe","SUCCESS",""
"12:27:01,2250277","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 307.608, Length: 61.440"
"12:27:01,2255142","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 369.048, Length: 61.440"
"12:27:01,2259145","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 430.488, Length: 61.440"
"12:27:01,2263143","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 491.928, Length: 61.440"
"12:27:01,2267938","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2276312","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:01,2282311","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 553.368, Length: 61.440"
"12:27:01,2282703","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:01,2287872","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 614.808, Length: 61.440"
"12:27:01,2291944","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 676.248, Length: 61.440"
"12:27:01,2295910","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 737.688, Length: 61.440"
"12:27:01,2312009","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2315171","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 799.128, Length: 61.440"
"12:27:01,2318465","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL","SUCCESS","Filter: DAL, 1: DAL"
"12:27:01,2319948","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 860.568, Length: 61.440"
"12:27:01,2324399","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 922.008, Length: 61.440"
"12:27:01,2324473","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS",""
"12:27:01,2328807","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 983.448, Length: 61.440"
"12:27:01,2332381","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.044.888, Length: 4.096"
"12:27:01,2357800","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2363781","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS","CreationTime: 11.05.2013 13:22:45, LastAccessTime: 11.05.2013 13:22:45, LastWriteTime: 12.03.2013 13:20:34, ChangeTime: 11.05.2013 09:36:10, FileAttributes: A"
"12:27:01,2366216","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS",""
"12:27:01,2381484","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2386700","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:01,2391024","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:01,2412726","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2418781","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS","SUCCESS","Filter: LMS, 1: LMS"
"12:27:01,2422793","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS",""
"12:27:01,2439228","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2444420","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS","Filter: LMS.exe, 1: LMS.exe"
"12:27:01,2448077","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS","SUCCESS",""
"12:27:01,2481343","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Internet Explorer\ielowutil.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2486596","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Internet Explorer\ielowutil.exe","SUCCESS","CreationTime: 11.05.2013 15:01:08, LastAccessTime: 11.05.2013 15:01:08, LastWriteTime: 11.05.2013 15:01:08, ChangeTime: 11.05.2013 15:05:08, FileAttributes: A"
"12:27:01,2489008","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Internet Explorer\ielowutil.exe","SUCCESS",""
"12:27:01,2535471","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2542697","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe","SUCCESS","CreationTime: 13.05.2013 16:08:26, LastAccessTime: 15.09.2013 13:17:55, LastWriteTime: 22.07.2013 00:25:30, ChangeTime: 15.09.2013 13:17:55, FileAttributes: ANCI"
"12:27:01,2545133","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe","SUCCESS",""
"12:27:01,2578067","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2592883","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:01,2595305","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:01,2602531","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2608087","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,2612108","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:01,2627362","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2633408","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:01,2637831","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,2652665","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2657853","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:01,2661846","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:01,2688329","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2693563","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS","CreationTime: 20.06.2012 18:14:18, LastAccessTime: 11.05.2013 14:43:43, LastWriteTime: 20.06.2012 18:14:18, ChangeTime: 11.05.2013 14:43:53, FileAttributes: A"
"12:27:01,2695975","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS",""
"12:27:01,2710437","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2715606","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Winamp","SUCCESS","Filter: Winamp, 1: Winamp"
"12:27:01,2719282","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:01,2734499","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Winamp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2739336","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS","Filter: winamp.exe, 1: winamp.exe"
"12:27:01,2742961","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Winamp","SUCCESS",""
"12:27:01,2773027","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2778261","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS","CreationTime: 01.10.2013 13:42:31, LastAccessTime: 01.10.2013 13:42:43, LastWriteTime: 01.10.2013 13:42:43, ChangeTime: 05.10.2013 09:23:33, FileAttributes: A"
"12:27:01,2780668","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS",""
"12:27:01,2795480","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Mozilla Firefox","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2800322","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS","Filter: firefox.exe, 1: firefox.exe"
"12:27:01,2804273","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Mozilla Firefox","SUCCESS",""
"12:27:01,2852449","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2857687","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe","SUCCESS","CreationTime: 06.11.2012 09:18:34, LastAccessTime: 11.05.2013 13:42:02, LastWriteTime: 06.11.2012 09:18:34, ChangeTime: 11.05.2013 13:42:02, FileAttributes: A"
"12:27:01,2860095","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe","SUCCESS",""
"12:27:01,2874561","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2879720","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:01,2883368","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:01,2897825","Windows7FirewallService.exe","2128","QueryOpen","D:\Progs\Firefox 19.0.2 portable\Firefox\firefox.exe","SUCCESS","CreationTime: 03.10.2013 16:41:28, LastAccessTime: 03.10.2013 16:41:43, LastWriteTime: 03.10.2013 16:41:43, ChangeTime: 03.10.2013 16:46:19, AllocationSize: 278.528, EndOfFile: 274.840, FileAttributes: ANCI"
"12:27:01,2902215","Windows7FirewallService.exe","2128","CreateFile","D:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2907029","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs","SUCCESS","Filter: Progs, 1: Progs"
"12:27:01,2911405","Windows7FirewallService.exe","2128","CloseFile","D:\","SUCCESS",""
"12:27:01,2928302","Windows7FirewallService.exe","2128","CreateFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2933517","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS","Filter: Firefox, 1: Firefox"
"12:27:01,2937146","Windows7FirewallService.exe","2128","CloseFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS",""
"12:27:01,2948767","Windows7FirewallService.exe","2128","CreateFile","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2953577","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs\Firefox 19.0.2 portable\Firefox\firefox.exe","SUCCESS","Filter: firefox.exe, 1: firefox.exe"
"12:27:01,2957183","Windows7FirewallService.exe","2128","CloseFile","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS",""
"12:27:01,2983997","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,2989231","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS","CreationTime: 18.07.2012 20:47:26, LastAccessTime: 06.10.2013 10:27:28, LastWriteTime: 18.07.2012 20:47:26, ChangeTime: 06.10.2013 10:27:28, FileAttributes: A"
"12:27:01,2991629","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS",""
"12:27:01,3006501","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3011362","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Nuance","SUCCESS","Filter: Nuance, 1: Nuance"
"12:27:01,3015336","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files","SUCCESS",""
"12:27:01,3030554","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Nuance","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3036166","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS","Filter: dgnsvc.exe, 1: dgnsvc.exe"
"12:27:01,3039762","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Nuance","SUCCESS",""
"12:27:01,3068685","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\taskhost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3083119","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\taskhost.exe","SUCCESS","CreationTime: 11.05.2013 14:09:45, LastAccessTime: 11.05.2013 14:09:45, LastWriteTime: 23.11.2012 05:13:57, ChangeTime: 11.05.2013 14:55:03, FileAttributes: A"
"12:27:01,3085568","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\taskhost.exe","SUCCESS",""
"12:27:01,3092766","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3097963","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,3101620","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:01,3115653","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3120826","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:01,3125295","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,3142126","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3147295","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\taskhost.exe","SUCCESS","Filter: taskhost.exe, 1: taskhost.exe"
"12:27:01,3150985","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:01,3178196","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3183430","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS","CreationTime: 16.12.2012 13:25:38, LastAccessTime: 13.05.2013 10:47:49, LastWriteTime: 16.12.2012 13:25:38, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:01,3185814","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS",""
"12:27:01,3200304","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3205496","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS","Filter: SbieCtrl.exe, 1: SbieCtrl.exe"
"12:27:01,3209130","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie","SUCCESS",""
"12:27:01,3214252","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.048.984, Length: 61.440"
"12:27:01,3218227","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.110.424, Length: 61.440"
"12:27:01,3221473","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.171.864, Length: 61.440"
"12:27:01,3224772","Windows7FirewallService.exe","2128","QueryOpen","D:\Progs\Firefox 19.0.2 portable\Firefox\plugin-container.exe","SUCCESS","CreationTime: 03.10.2013 16:41:29, LastAccessTime: 03.10.2013 16:41:42, LastWriteTime: 03.10.2013 16:41:42, ChangeTime: 03.10.2013 16:41:42, AllocationSize: 20.480, EndOfFile: 17.816, FileAttributes: ANCI"
"12:27:01,3226670","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.233.304, Length: 61.440"
"12:27:01,3229954","Windows7FirewallService.exe","2128","CreateFile","D:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3230286","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.294.744, Length: 61.440"
"12:27:01,3234834","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs","SUCCESS","Filter: Progs, 1: Progs"
"12:27:01,3239578","Windows7FirewallService.exe","2128","CloseFile","D:\","SUCCESS",""
"12:27:01,3255785","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.356.184, Length: 61.440"
"12:27:01,3259661","Windows7FirewallService.exe","2128","CreateFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3260678","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.417.624, Length: 61.440"
"12:27:01,3265324","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS","Filter: Firefox, 1: Firefox"
"12:27:01,3265866","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.479.064, Length: 61.440"
"12:27:01,3270479","Windows7FirewallService.exe","2128","CloseFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS",""
"12:27:01,3270652","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.540.504, Length: 61.440"
"12:27:01,3274696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.601.944, Length: 47.720"
"12:27:01,3314643","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3320232","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","CreationTime: 10.09.2013 18:54:10, LastAccessTime: 10.09.2013 18:54:10, LastWriteTime: 10.09.2013 18:54:10, ChangeTime: 10.09.2013 18:54:10, FileAttributes: A"
"12:27:01,3322639","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS",""
"12:27:01,3338084","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3346141","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,3351730","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:01,3369760","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3375390","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:01,3379440","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,3394694","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3399914","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed","SUCCESS","Filter: Macromed, 1: Macromed"
"12:27:01,3404295","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:01,3419167","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3426006","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed\Flash","SUCCESS","Filter: Flash, 1: Flash"
"12:27:01,3431151","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed","SUCCESS",""
"12:27:01,3476131","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3481724","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","CreationTime: 10.09.2013 18:54:10, LastAccessTime: 10.09.2013 18:54:10, LastWriteTime: 10.09.2013 18:54:10, ChangeTime: 10.09.2013 18:54:10, FileAttributes: A"
"12:27:01,3484146","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS",""
"12:27:01,3491372","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3496219","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,3500198","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:01,3514267","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3519460","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:01,3523859","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,3539104","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3543946","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed","SUCCESS","Filter: Macromed, 1: Macromed"
"12:27:01,3547953","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:01,3562392","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3567206","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed\Flash","SUCCESS","Filter: Flash, 1: Flash"
"12:27:01,3570798","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed","SUCCESS",""
"12:27:01,3598065","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3603294","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS","CreationTime: 27.09.2013 20:28:05, LastAccessTime: 27.09.2013 20:28:05, LastWriteTime: 31.05.2013 15:54:54, ChangeTime: 27.09.2013 20:28:05, FileAttributes: A"
"12:27:01,3605706","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS",""
"12:27:01,3612554","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3617364","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:01,3621334","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:01,3637759","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3642597","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\Desktop","SUCCESS","Filter: Desktop, 1: Desktop"
"12:27:01,3646245","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:01,3660291","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\Desktop","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3665106","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS","Filter: Procmon.exe, 1: Procmon.exe"
"12:27:01,3668726","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\Desktop","SUCCESS",""
"12:27:01,3696814","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\taskmgr.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3709619","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\taskmgr.exe","SUCCESS","CreationTime: 21.11.2010 05:24:24, LastAccessTime: 21.11.2010 05:24:24, LastWriteTime: 21.11.2010 05:24:24, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:01,3712035","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\taskmgr.exe","SUCCESS",""
"12:27:01,3719196","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3724062","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,3729301","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:01,3743753","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3748912","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:01,3752560","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,3767003","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3771831","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\taskmgr.exe","SUCCESS","Filter: taskmgr.exe, 1: taskmgr.exe"
"12:27:01,3775853","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:01,3805881","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3806870","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.651.016, Length: 4.096"
"12:27:01,3811503","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","CreationTime: 06.10.2013 12:25:43, LastAccessTime: 06.10.2013 12:25:43, LastWriteTime: 06.10.2013 12:25:47, ChangeTime: 06.10.2013 12:25:47, FileAttributes: HA"
"12:27:01,3813919","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS",""
"12:27:01,3820767","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3826780","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:01,3831217","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:01,3847232","Windows7FirewallService.exe","2128","CreateFile","C:\Users","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3851015","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 278.016, Length: 4.096"
"12:27:01,3852083","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\WONDER~1","SUCCESS","Filter: WONDER~1, 1: wonderwall"
"12:27:01,3856039","Windows7FirewallService.exe","2128","CloseFile","C:\Users","SUCCESS",""
"12:27:01,3870533","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3876085","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:01,3879752","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:01,3887883","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.505.388, Length: 4.096"
"12:27:01,3890696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,3894199","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3898342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 359.424, Length: 4.096"
"12:27:01,3899391","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\AppData\Local","SUCCESS","Filter: Local, 1: Local"
"12:27:01,3902372","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.505.388, Length: 4.096"
"12:27:01,3902993","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:01,3917412","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\AppData\Local","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3922282","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\AppData\Local\Temp","SUCCESS","Filter: Temp, 1: Temp"
"12:27:01,3927437","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\AppData\Local","SUCCESS",""
"12:27:01,3948439","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.649.664, Length: 4.096"
"12:27:01,3955982","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3968764","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:01,3971181","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:01,3978034","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,3982843","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,3986463","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:01,4000118","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,4005263","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:01,4008902","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,4022990","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,4024054","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.507.328, Length: 4.096"
"12:27:01,4030188","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:01,4034457","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 1.511.424, Length: 4.096"
"12:27:01,4034564","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:01,4048219","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4051862","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4055039","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,4059023","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4061505","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,4065083","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:27:01,4067905","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046}"
"12:27:01,4071063","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS",""
"12:27:01,4102794","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,4106382","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:01,4108845","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4111182","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4113258","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4116057","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:01,4119220","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:27:01,4121273","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Query: Name"
"12:27:01,4124016","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4127300","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4130071","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046}"
"12:27:01,4132483","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS",""
"12:27:01,4137255","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,4139732","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:01,4142106","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4144103","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4146515","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4148959","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4151726","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:01,4153769","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4156577","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Wow6432Node\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4159754","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Wow6432Node\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4162539","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:27:01,4165413","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,4168165","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:01,4170194","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4172172","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4174202","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4176609","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:01,4179398","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:27:01,4181418","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: Name"
"12:27:01,4183462","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4186275","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4188668","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {8564B5BD-BFC4-45C5-A755-25BA407305E7}"
"12:27:01,4191047","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: Name"
"12:27:01,4192414","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ntfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,4193076","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4195852","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4197904","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\Version","SUCCESS","Type: REG_SZ, Length: 8, Data: 1.0"
"12:27:01,4200307","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS",""
"12:27:01,4203125","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,4205863","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:01,4207878","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4209530","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4211550","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4214288","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:01,4217106","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:27:01,4219503","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: Name"
"12:27:01,4221575","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4225535","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4229524","Windows7FirewallControl.exe","3436","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Index: 0, Name: 1.0"
"12:27:01,4233153","Windows7FirewallControl.exe","3436","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NO MORE ENTRIES","Index: 1, Length: 288"
"12:27:01,4236022","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: Name"
"12:27:01,4239213","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4243225","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4246803","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4250017","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:01,4253647","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: Name"
"12:27:01,4257225","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4261283","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4264917","Windows7FirewallControl.exe","3436","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Index: 0, Name: 0"
"12:27:01,4268509","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: Name"
"12:27:01,4271691","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4275698","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4279290","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4282556","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:01,4286138","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: Name"
"12:27:01,4289324","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4293322","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4296593","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4299816","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:01,4303403","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Query: Name"
"12:27:01,4306599","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4310592","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4314175","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","BUFFER OVERFLOW","Length: 144"
"12:27:01,4317025","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","SUCCESS","Type: REG_SZ, Length: 138, Data: C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe"
"12:27:01,4339916","Windows7FirewallControl.exe","3436","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,4348346","Windows7FirewallControl.exe","3436","QueryNetworkOpenInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:46:52, ChangeTime: 05.08.2013 09:19:04, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:01,4353524","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 0, Length: 64, Priority: Normal"
"12:27:01,4358758","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 232, Length: 4"
"12:27:01,4362332","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 236, Length: 20"
"12:27:01,4365537","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 496, Length: 40"
"12:27:01,4368415","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 536, Length: 40"
"12:27:01,4371568","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 576, Length: 40"
"12:27:01,4374433","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 616, Length: 40"
"12:27:01,4377582","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 656, Length: 40"
"12:27:01,4380791","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.864, Length: 16"
"12:27:01,4383987","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.880, Length: 8"
"12:27:01,4386828","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.768, Length: 2"
"12:27:01,4390005","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.888, Length: 8"
"12:27:01,4392897","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.786, Length: 2"
"12:27:01,4396060","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.788, Length: 14"
"12:27:01,4398915","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.960, Length: 16"
"12:27:01,4402082","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.976, Length: 8"
"12:27:01,4405268","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.192, Length: 16"
"12:27:01,4407713","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.208, Length: 8"
"12:27:01,4410087","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.544, Length: 16"
"12:27:01,4412140","Windows7FirewallControl.exe","3436","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,4414920","Windows7FirewallControl.exe","3436","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
"12:27:01,4416968","Windows7FirewallControl.exe","3436","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,4421754","Windows7FirewallControl.exe","3436","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","SyncType: SyncTypeOther"
"12:27:01,4432554","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS",""
"12:27:01,4434961","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS",""
"12:27:01,4436995","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS",""
"12:27:01,4438992","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS",""
"12:27:01,4444641","Windows7FirewallControl.exe","3436","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS",""
"12:27:01,4461379","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4464962","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4467761","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,4471371","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4473779","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4476232","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4479451","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Wow6432Node\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4482665","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:27:01,4485856","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4488226","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4490255","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,4492686","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4494706","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,4497481","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:27:01,4499884","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {8564B5BD-BFC4-45C5-A755-25BA407305E7}"
"12:27:01,4502669","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\Version","SUCCESS","Type: REG_SZ, Length: 8, Data: 1.0"
"12:27:01,4505085","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS",""
"12:27:01,4507884","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:01,4509918","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4511929","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,4514336","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4516351","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,4518749","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:27:01,4520760","Windows7FirewallService.exe","2128","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Index: 0, Name: 1.0"
"12:27:01,4523134","Windows7FirewallService.exe","2128","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NO MORE ENTRIES","Index: 1, Length: 288"
"12:27:01,4527132","Windows7FirewallService.exe","2128","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4529558","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,4531993","Windows7FirewallService.exe","2128","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Index: 0, Name: 0"
"12:27:01,4534783","Windows7FirewallService.exe","2128","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4536803","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,4539163","Windows7FirewallService.exe","2128","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4541169","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,4543245","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","BUFFER OVERFLOW","Length: 144"
"12:27:01,4545251","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","SUCCESS","Type: REG_SZ, Length: 138, Data: C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe"
"12:27:01,4565670","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:01,4569033","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,4572112","Windows7FirewallService.exe","2128","QueryNetworkOpenInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:46:52, ChangeTime: 05.08.2013 09:19:04, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:01,4573040","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,4575471","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:01,4577855","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:01,4578909","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 0, Length: 64, Priority: Normal"
"12:27:01,4579511","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:01,4582338","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:01,4582949","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 232, Length: 4"
"12:27:01,4585547","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:01,4587796","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 236, Length: 20"
"12:27:01,4591383","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 496, Length: 40"
"12:27:01,4594145","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 536, Length: 40"
"12:27:01,4596179","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 576, Length: 40"
"12:27:01,4598189","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 616, Length: 40"
"12:27:01,4600195","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 656, Length: 40"
"12:27:01,4602575","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.864, Length: 16"
"12:27:01,4608597","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.880, Length: 8"
"12:27:01,4610654","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.768, Length: 2"
"12:27:01,4612996","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.888, Length: 8"
"12:27:01,4615016","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.786, Length: 2"
"12:27:01,4617017","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.788, Length: 14"
"12:27:01,4620409","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.960, Length: 16"
"12:27:01,4621211","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:01,4627201","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.976, Length: 8"
"12:27:01,4627243","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,4630019","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:01,4631232","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.192, Length: 16"
"12:27:01,4632822","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:01,4634012","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.208, Length: 8"
"12:27:01,4635174","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:01,4636825","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.544, Length: 16"
"12:27:01,4638047","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:01,4639992","Windows7FirewallService.exe","2128","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,4641653","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:01,4642861","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:01,4643221","Windows7FirewallService.exe","2128","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
"12:27:01,4645287","Windows7FirewallService.exe","2128","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,4650032","Windows7FirewallService.exe","2128","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","SyncType: SyncTypeOther"
"12:27:01,4660094","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS",""
"12:27:01,4662487","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS",""
"12:27:01,4664474","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS",""
"12:27:01,4666130","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS",""
"12:27:01,4670338","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,4671677","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS",""
"12:27:01,4679981","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 286.152, Length: 16.200"
"12:27:01,4701664","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,4706114","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\Ntfs.sys.mui","NO SUCH FILE","Filter: Ntfs.sys.mui"
"12:27:01,4709272","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:01,4726589","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,4732966","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\Ntfs.sys.mui","SUCCESS","Filter: Ntfs.sys.mui, 1: ntfs.sys.mui"
"12:27:01,4738578","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:01,4783539","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,4789949","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:01,4791969","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,4798761","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,4802414","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,4806006","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:01,4836128","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,4839701","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:01,4841320","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:01,4847683","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,4850981","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,4854550","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:01,4868563","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,4872193","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:01,4875416","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,5000196","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 70.144, Length: 2.048"
"12:27:01,5008635","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,5110929","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:01,5119298","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:01,5127322","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:01,5134599","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:01,5141844","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:01,5149056","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:01,5156268","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:01,5163489","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:01,5170725","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:01,5177932","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:01,5185135","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:01,5192324","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:01,5199578","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:01,5206785","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:01,5214002","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:01,5220878","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:01,5228879","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 69.632, Length: 2.560"
"12:27:01,5249727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,5261744","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:01,5267398","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:01,5273000","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:01,5278575","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:01,5283832","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:01,5289076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:01,5294674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:01,5300263","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:01,5305525","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:01,5310749","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:01,5315960","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:01,5321502","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:01,5327543","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:01,5332806","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:01,5337984","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:01,5342448","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:01,5347178","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 69.632, Length: 2.560"
"12:27:01,5496892","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ntfs.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,6106897","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,6110941","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,6113381","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:01,6115779","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:01,6117748","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:01,6119394","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:01,6121414","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:01,6160694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:01,6165471","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,6183324","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:01,6212914","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,6218927","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 5.892, Length: 16.200"
"12:27:01,6240656","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,6245457","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\msrpc.sys","NO SUCH FILE","Filter: msrpc.sys"
"12:27:01,6248615","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:01,6264672","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,6268334","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Filter: msrpc.sys, 1: msrpc.sys"
"12:27:01,6272332","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:01,6298381","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,6303629","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:01,6305649","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,6312054","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,6315679","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,6319215","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:01,6345703","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,6348940","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:01,6350564","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:01,6356586","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,6360188","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,6363407","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:01,6376636","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,6380252","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:01,6383457","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,6409497","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 352.876, Length: 4.096"
"12:27:01,6413093","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 352.256, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,6428745","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:01,6459650","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,6501747","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 359.936, Length: 7.040"
"12:27:01,6505013","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 360.448, Length: 6.528, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,6519357","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 350.208, Length: 4.096"
"12:27:01,6522964","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 348.160, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,6538171","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6541381","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976114, endtime: 976114, seqnum: 0, connid: 0"
"12:27:01,6557904","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6559878","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6560405","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 354.304, Length: 4.096"
"12:27:01,6561067","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6561921","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6563083","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6564641","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976114, endtime: 976114, seqnum: 0, connid: 0"
"12:27:01,6565228","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 9.216, Length: 4.096"
"12:27:01,6572818","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 354.816, Length: 4.096"
"12:27:01,6573905","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6575501","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6576751","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976114, endtime: 976114, seqnum: 0, connid: 0"
"12:27:01,6597342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 359.936, Length: 4.096"
"12:27:01,6598448","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.130.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6601275","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.130.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6602936","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 355.328, Length: 4.096"
"12:27:01,6603248","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.130.979, Length: 1.460"
"12:27:01,6605688","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.132.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6612569","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,6624166","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 359.936, Length: 4.096"
"12:27:01,6640092","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.132.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6643325","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.132.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6645298","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.132.439, Length: 4.380"
"12:27:01,6648527","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.136.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6663539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 364.032, Length: 2.944"
"12:27:01,6670312","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:01,6670755","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.136.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6674352","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.136.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6676349","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.136.819, Length: 2.920"
"12:27:01,6679908","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.139.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6700700","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.139.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6703504","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.139.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6705127","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.139.739, Length: 2.920"
"12:27:01,6708696","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.142.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6717657","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,6722905","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 4.096, Length: 57.760"
"12:27:01,6727300","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 61.856, Length: 61.440"
"12:27:01,6731722","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 123.296, Length: 61.440"
"12:27:01,6761560","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 184.736, Length: 61.440"
"12:27:01,6766756","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 246.176, Length: 61.440"
"12:27:01,6782030","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 307.616, Length: 52.320"
"12:27:01,6859571","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6862408","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6864427","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976115, endtime: 976115, seqnum: 0, connid: 0"
"12:27:01,6880858","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6882803","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6883657","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6884818","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6885663","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6887235","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976115, endtime: 976115, seqnum: 0, connid: 0"
"12:27:01,6896453","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6898048","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,6899298","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976115, endtime: 976115, seqnum: 0, connid: 0"
"12:27:01,6916811","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.142.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6920818","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.142.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6923603","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.142.659, Length: 2.920"
"12:27:01,6927209","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.145.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6958744","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.145.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6962318","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.145.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6964328","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.145.579, Length: 5.840"
"12:27:01,6967930","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.151.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6993513","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.151.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6996746","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.151.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,6999167","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.151.419, Length: 1.460"
"12:27:01,7001989","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.152.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7024558","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.152.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7029321","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.152.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7031705","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.152.879, Length: 2.920"
"12:27:01,7034873","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.155.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7166211","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 361.323, Length: 4.096"
"12:27:01,7179604","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,7182767","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,7185221","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976115, endtime: 976115, seqnum: 0, connid: 0"
"12:27:01,7195456","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:01,7205658","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,7208084","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,7209693","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,7211252","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,7212502","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,7214830","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976115, endtime: 976115, seqnum: 0, connid: 0"
"12:27:01,7224920","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,7227668","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976115, endtime: 976115, seqnum: 0, connid: 0"
"12:27:01,7241980","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.155.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7243617","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 352.876, Length: 4.096"
"12:27:01,7245586","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.155.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7246076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,7248371","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.155.799, Length: 2.920"
"12:27:01,7253227","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.158.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7254104","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 68.096, Length: 4.096"
"12:27:01,7257276","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 352.876, Length: 4.096"
"12:27:01,7286209","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.158.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7289456","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.158.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7291844","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.158.719, Length: 2.920"
"12:27:01,7295445","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.161.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7309870","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 359.936, Length: 4.096"
"12:27:01,7317959","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.161.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7320706","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.161.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7322759","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.161.639, Length: 4.380"
"12:27:01,7326762","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.166.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7351635","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.166.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7354397","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.166.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7356408","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.166.019, Length: 1.460"
"12:27:01,7359603","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.167.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7367576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 356.864, Length: 4.096"
"12:27:01,7450650","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msrpc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,7498979","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,7502133","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,7504148","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976115, endtime: 976115, seqnum: 0, connid: 0"
"12:27:01,7520989","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,7522990","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,7523853","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,7525435","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,7526997","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,7529003","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976115, endtime: 976115, seqnum: 0, connid: 0"
"12:27:01,7570699","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.167.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7573871","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.167.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7575919","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.167.479, Length: 2.920"
"12:27:01,7579138","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.170.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7660897","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.170.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7663365","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.175.168, EndOfFile: 407.170.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,7668146","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.170.399, Length: 7.300, Priority: Normal"
"12:27:01,7689782","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.177.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,8117390","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,8121444","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,8126207","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:01,8128642","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:01,8130658","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:01,8132696","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:01,8135057","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:01,8169960","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:01,8174756","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,8189199","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:01,8192021","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 4.096, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,8214133","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,8219703","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.283.476, Length: 16.200"
"12:27:01,8241778","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,8246214","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\ksecdd.sys","NO SUCH FILE","Filter: ksecdd.sys"
"12:27:01,8249041","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:01,8265047","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,8269049","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Filter: ksecdd.sys, 1: ksecdd.sys"
"12:27:01,8272697","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:01,8298780","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,8304368","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:01,8306383","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,8312788","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,8316404","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,8319623","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:01,8347305","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,8350533","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:01,8352156","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:01,8358515","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,8362130","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:01,8365354","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:01,8378635","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,8382586","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:01,8385805","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:01,8413095","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 82.028, Length: 4.096"
"12:27:01,8418325","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:01,8449170","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,8490152","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 88.576, Length: 7.024"
"12:27:01,8495722","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 78.848, Length: 4.096"
"12:27:01,8501782","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,8504165","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,8505364","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,8506549","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,8507403","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,8510566","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,8511429","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,8513393","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 11680, startime: 976116, endtime: 976116, seqnum: 0, connid: 0"
"12:27:01,8518198","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 82.944, Length: 4.096"
"12:27:01,8522261","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 42.496, Length: 4.096"
"12:27:01,8535430","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:01,8558359","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 3472, seqnum: 0, connid: 0"
"12:27:01,8559502","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 3828, seqnum: 0, connid: 0"
"12:27:01,8560719","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,8561983","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,8563168","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,8568762","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 3472, seqnum: 0, connid: 0"
"12:27:01,8569536","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 3828, seqnum: 0, connid: 0"
"12:27:01,8571192","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,8572354","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,8572727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 88.576, Length: 4.096"
"12:27:01,8573982","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 16060, startime: 976116, endtime: 976116, seqnum: 0, connid: 0"
"12:27:01,8576422","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,8593617","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 60.928, Length: 4.096"
"12:27:01,8607285","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 88.576, Length: 4.096"
"12:27:01,8612902","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 92.672, Length: 2.928"
"12:27:01,8620539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:01,8636185","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:01,8639362","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976116, endtime: 976116, seqnum: 0, connid: 0"
"12:27:01,8671877","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,8677144","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 4.096, Length: 57.760"
"12:27:01,8680320","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 61.856, Length: 26.720"
"12:27:01,8768993","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 89.947, Length: 4.096"
"12:27:01,8799511","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:01,8846077","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.177.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,8849189","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 82.028, Length: 4.096"
"12:27:01,8849249","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.177.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,8850887","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.177.699, Length: 16.384"
"12:27:01,8851619","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,8855249","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.194.083, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,8858491","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 55.296, Length: 4.096"
"12:27:01,8862078","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 82.028, Length: 4.096"
"12:27:01,8866496","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,8871730","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:01,8876936","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:01,8882133","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:01,8884685","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.194.083, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,8887348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:01,8887484","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.194.083, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,8889126","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.194.083, Length: 11.356"
"12:27:01,8892709","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.205.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,8893348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:01,8898610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:01,8903807","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:01,8909008","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:01,8917657","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:01,8924869","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:01,8930476","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:01,8936037","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:01,8941248","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:01,8946137","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:01,8951348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:01,8956554","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:01,8963360","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:01,8968585","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:01,8973796","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:01,8978997","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:01,8981745","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.205.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,8984217","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:01,8984572","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.205.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,8986545","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.205.439, Length: 1.460"
"12:27:01,8989003","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.206.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:01,8989437","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:01,8994643","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 94.208, Length: 1.392"
"12:27:01,9010663","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 82.028, Length: 4.096"
"12:27:01,9015104","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,9019545","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:01,9025171","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:01,9029962","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:01,9034371","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:01,9038784","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:01,9043197","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:01,9047605","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:01,9052014","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:01,9056427","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:01,9060826","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:01,9065230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:01,9069633","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:01,9073725","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:01,9078124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:01,9082537","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:01,9086936","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:01,9091330","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:01,9095734","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:01,9100138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:01,9104532","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:01,9108623","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:01,9113013","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:01,9117417","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 94.208, Length: 1.392"
"12:27:01,9137859","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 82.028, Length: 4.096"
"12:27:01,9160769","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 88.576, Length: 4.096"
"12:27:01,9213689","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 87.552, Length: 4.096"
"12:27:01,9295587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,9828312","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:01,9832379","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:01,9835136","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:01,9837520","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:01,9839172","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:01,9841145","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:01,9843160","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:01,9878885","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:01,9883694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:01,9901622","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:01,9936544","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:01,9942959","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.109.112, Length: 16.200"
"12:27:01,9964236","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,9968999","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\cng.sys","NO SUCH FILE","Filter: cng.sys"
"12:27:01,9971840","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:01,9988662","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:01,9992314","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\cng.sys","SUCCESS","Filter: cng.sys, 1: cng.sys"
"12:27:01,9996293","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:02,0022375","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,0031626","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:02,0036408","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:02,0045659","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,0050039","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:02,0053636","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:02,0086967","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,0090620","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:02,0092579","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:02,0098961","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,0102581","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:02,0106215","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:02,0119505","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,0123895","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:02,0129913","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:02,0157194","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 436.332, Length: 4.096"
"12:27:02,0160786","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 434.176, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,0176960","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:02,0207851","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,0250737","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 447.488, Length: 11.224"
"12:27:02,0254338","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 446.464, Length: 12.248, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,0271015","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 434.176, Length: 4.096"
"12:27:02,0287450","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 438.272, Length: 4.096"
"12:27:02,0290650","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:02,0293491","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 331.776, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,0322624","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 439.808, Length: 4.096"
"12:27:02,0327019","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 442.368, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,0348011","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 447.488, Length: 4.096"
"12:27:02,0353231","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 441.856, Length: 4.096"
"12:27:02,0362482","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,0374140","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 447.488, Length: 4.096"
"12:27:02,0394974","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 240.640, Length: 4.096"
"12:27:02,0398197","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 237.568, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,0424965","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 447.488, Length: 4.096"
"12:27:02,0431417","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 451.584, Length: 7.128"
"12:27:02,0437794","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:02,0481584","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 436.332, Length: 4.096"
"12:27:02,0483991","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,0491950","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 394.240, Length: 4.096"
"12:27:02,0495159","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 393.216, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,0515825","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 436.332, Length: 4.096"
"12:27:02,0571171","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 447.488, Length: 4.096"
"12:27:02,0621343","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 443.904, Length: 4.096"
"12:27:02,0732892","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cng.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,1271210","svchost.exe","588","ReadFile","C:\Windows\System32\wevtsvc.dll","SUCCESS","Offset: 1.263.616, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:02,1280008","svchost.exe","588","WriteFile","C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat","SUCCESS","Offset: 0, Length: 512, I/O Flags: Non-cached, Priority: Normal"
"12:27:02,1347548","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:02,1351966","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,1355539","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:02,1358763","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:02,1361604","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:02,1364015","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:02,1366800","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:02,1413380","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:02,1418941","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,1447467","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:02,1469873","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,1477128","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.315.552, Length: 2.268"
"12:27:02,1480771","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 60, Length: 16.200"
"12:27:02,1504842","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,1510403","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\pcw.sys","NO SUCH FILE","Filter: pcw.sys"
"12:27:02,1514074","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:02,1538528","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,1543739","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Filter: pcw.sys, 1: pcw.sys"
"12:27:02,1548945","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:02,1586303","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,1593897","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:02,1596705","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:02,1606297","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,1611097","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:02,1615179","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:02,1658027","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,1662865","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:02,1665650","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:02,1674555","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,1679738","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:02,1684561","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:02,1721060","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,1731053","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:02,1735909","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:02,1772044","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 38.456, Length: 4.096"
"12:27:02,1778832","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:02,1798915","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 37.872, Length: 4.096"
"12:27:02,1818951","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,1873890","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 43.520, Length: 7.248"
"12:27:02,1881896","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 37.376, Length: 4.096"
"12:27:02,1887941","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 41.472, Length: 4.096"
"12:27:02,1893152","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 3.072, Length: 4.096"
"12:27:02,1933299","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 43.520, Length: 4.096"
"12:27:02,1946524","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,1964466","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 43.520, Length: 4.096"
"12:27:02,1992260","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 47.616, Length: 3.152"
"12:27:02,2000317","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:02,2060845","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,2067698","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 4.096, Length: 39.424"
"12:27:02,2087622","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:52399 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 45, seqnum: 0, connid: 0"
"12:27:02,2101500","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:51814 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:27:02,2140990","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 44.907, Length: 4.096"
"12:27:02,2207144","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 38.456, Length: 4.096"
"12:27:02,2209598","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,2217225","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 7.680, Length: 4.096"
"12:27:02,2220463","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 38.456, Length: 4.096"
"12:27:02,2226896","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:52399 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 320, seqnum: 0, connid: 0"
"12:27:02,2230483","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:51814 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 103, seqnum: 0, connid: 0"
"12:27:02,2260166","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Error3725.wohnheim.uni-kl.de:50690","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:27:02,2278994","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 43.520, Length: 4.096"
"12:27:02,2279018","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:64302 -> 224.0.0.252:llmnr","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:27:02,2366514","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 43.008, Length: 4.096"
"12:27:02,2457603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\pcw.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,2918752","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:02,2922802","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,2926450","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:02,2930014","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:02,2932878","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:02,2936073","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,2938863","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:02,2942474","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:02,2946052","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:02,2948459","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,2950931","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:02,2953693","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:02,3044273","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:27:02,3047954","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:27:02,3051542","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:27:02,3054718","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:27:02,3056780","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:27:02,3059127","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:02,3061553","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:02,3063596","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:02,3065947","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:02,3068018","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:02,3070369","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:02,3072763","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:02,3074400","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:02,3076448","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:02,3078398","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:02,3080059","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:02,3082069","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3084043","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:02,3084383","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:02,3086454","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:02,3088782","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3088820","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:02,3090891","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:02,3091577","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:02,3093293","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:02,3094012","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:02,3095663","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:02,3096022","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:02,3098826","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:02,3098873","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:02,3100496","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:02,3101247","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:02,3102866","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:02,3104508","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:02,3106472","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:02,3108455","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3110087","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:02,3112089","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3119291","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3121708","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:02,3124563","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3126961","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:02,3129377","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3131416","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3133762","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:02,3135819","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3136533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:02,3137835","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:02,3140228","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3141012","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,3142215","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:02,3144249","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3146213","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:02,3149441","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3152441","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:02,3157992","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3160567","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:02,3161202","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:02,3164043","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3166478","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3169613","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:02,3172482","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3175645","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:02,3178896","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3181700","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:02,3184933","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3187694","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:02,3190540","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,3196936","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.711.914, Length: 16.200"
"12:27:02,3201120","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3204334","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:02,3207576","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3209960","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:02,3212764","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3214803","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3216818","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:02,3217821","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,3219174","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3221170","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:02,3222257","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\Fs_Rec.sys","NO SUCH FILE","Filter: Fs_Rec.sys"
"12:27:02,3223237","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3226017","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:02,3228406","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3228606","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:02,3230407","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:02,3232222","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Error3725.wohnheim.uni-kl.de:50690","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:27:02,3244635","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:64302 -> 224.0.0.252:llmnr","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:27:02,3247896","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3249897","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,3253695","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:02,3254735","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\Fs_Rec.sys","SUCCESS","Filter: Fs_Rec.sys, 1: fs_rec.sys"
"12:27:02,3258756","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:02,3258938","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3261793","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:27:02,3264559","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3283709","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3286900","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:02,3289578","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,3290124","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3294518","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:02,3296426","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:02,3297709","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3298833","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:02,3300088","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3302127","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:02,3304165","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,3305653","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,3306185","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:02,3308574","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3309311","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:02,3310580","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:02,3312889","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:02,3312954","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:02,3314923","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:02,3345810","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,3349402","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:02,3351034","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:02,3357412","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,3361018","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:02,3365043","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:02,3379122","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,3383064","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:02,3386293","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:02,3412020","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 12.928, Length: 4.096"
"12:27:02,3417641","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:02,3436819","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 11.784, Length: 4.096"
"12:27:02,3454108","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,3494614","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 16.384, Length: 7.024"
"12:27:02,3500217","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 11.776, Length: 4.096"
"12:27:02,3504224","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 3.072, Length: 4.096"
"12:27:02,3512723","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:02,3516698","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 14.336, Length: 4.096"
"12:27:02,3525557","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,3541609","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:02,3563628","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 20.480, Length: 2.928"
"12:27:02,3569249","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:02,3612946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,3617802","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 4.096, Length: 12.288"
"12:27:02,3646646","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 17.755, Length: 4.096"
"12:27:02,3709297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 12.928, Length: 4.096"
"12:27:02,3711700","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,3718893","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:02,3721715","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 12.928, Length: 4.096"
"12:27:02,3757426","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 17.024, Length: 4.096"
"12:27:02,3760258","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:02,3834342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 15.872, Length: 4.096"
"12:27:02,3912649","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fs_rec.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,4390238","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:02,4394296","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,4397039","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:02,4399106","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:02,4401070","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:02,4402707","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:02,4404732","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:02,4438772","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:02,4443190","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,4481308","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:02,4513711","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,4520107","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.950.566, Length: 16.200"
"12:27:02,4524128","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.961.408, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,4555999","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,4560865","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\ndis.sys","NO SUCH FILE","Filter: ndis.sys"
"12:27:02,4564046","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:02,4579716","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,4583695","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Filter: ndis.sys, 1: ndis.sys"
"12:27:02,4587744","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:02,4614615","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,4619868","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:02,4621878","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:02,4629827","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,4633466","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:02,4636708","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:02,4637581","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:02,4640384","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:02,4642736","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:02,4645936","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:02,4649215","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:02,4663192","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,4666732","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:02,4668365","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:02,4674388","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,4677984","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:02,4681198","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:02,4694083","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,4697694","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:02,4700894","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:02,4728558","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 843.372, Length: 4.096"
"12:27:02,4732154","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 839.680, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,4746961","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:02,4777881","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,4793074","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 908.814, Length: 4.096"
"12:27:02,4797534","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 905.216, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,4817888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:27:02,4829121","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 908.814, Length: 4.096"
"12:27:02,4848747","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,4855208","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 943.104, Length: 7.024"
"12:27:02,4858431","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 942.080, Length: 8.048, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,4873886","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 820.736, Length: 4.096"
"12:27:02,4877819","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 819.200, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,4890857","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 824.832, Length: 4.096"
"12:27:02,4894478","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 827.392, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,4908109","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 822.784, Length: 4.096"
"12:27:02,4914127","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 826.880, Length: 4.096"
"12:27:02,4943040","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 830.976, Length: 4.096"
"12:27:02,4946609","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 831.488, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,4981736","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 835.072, Length: 4.096"
"12:27:02,5024323","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 855.552, Length: 4.096"
"12:27:02,5029907","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 859.648, Length: 4.096"
"12:27:02,5033476","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 345.600, Length: 4.096"
"12:27:02,5036727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 344.064, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,5058658","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 861.696, Length: 4.096"
"12:27:02,5084348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 865.792, Length: 4.096"
"12:27:02,5098819","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 347.648, Length: 4.096"
"12:27:02,5106483","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 943.104, Length: 4.096"
"12:27:02,5110472","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 866.304, Length: 4.096"
"12:27:02,5115650","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 940.032, Length: 4.096"
"12:27:02,5126081","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,5130904","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 843.264, Length: 4.096"
"12:27:02,5147726","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 943.104, Length: 4.096"
"12:27:02,5170734","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 788.992, Length: 4.096"
"12:27:02,5175964","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 786.432, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,5202144","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 943.104, Length: 4.096"
"12:27:02,5208227","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 947.200, Length: 2.928"
"12:27:02,5213811","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:02,5269320","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,5275673","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 4.096, Length: 57.744"
"12:27:02,5278533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 61.840, Length: 61.440"
"12:27:02,5281700","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 123.280, Length: 61.440"
"12:27:02,5289762","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 131.072, Length: 57.344, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,5321446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 184.720, Length: 61.440"
"12:27:02,5327478","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 188.416, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,5341557","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 246.160, Length: 61.440"
"12:27:02,5346390","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 249.856, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,5362326","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 307.600, Length: 61.440"
"12:27:02,5366408","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 311.296, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,5381951","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 369.040, Length: 61.440"
"12:27:02,5387969","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 372.736, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,5403242","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 430.480, Length: 61.440"
"12:27:02,5408411","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 434.176, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,5424240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 491.920, Length: 61.440"
"12:27:02,5430612","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 495.616, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,5445115","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 553.360, Length: 61.440"
"12:27:02,5451469","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 557.056, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,5465548","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 614.800, Length: 61.440"
"12:27:02,5470703","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 618.496, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,5484899","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 676.240, Length: 61.440"
"12:27:02,5490049","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 679.936, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,5503722","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 737.680, Length: 61.440"
"12:27:02,5508928","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 741.376, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,5524378","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 799.120, Length: 61.440"
"12:27:02,5528778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 860.560, Length: 61.440"
"12:27:02,5531992","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 922.000, Length: 21.104"
"12:27:02,6323955","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 944.475, Length: 4.096"
"12:27:02,6392138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 843.372, Length: 4.096"
"12:27:02,6394914","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,6402565","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 399.360, Length: 4.096"
"12:27:02,6406199","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 843.372, Length: 4.096"
"12:27:02,6410626","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,6416168","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:02,6421374","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:02,6426659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:02,6431865","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:02,6437072","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:02,6442273","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:02,6447460","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:02,6452340","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:02,6457542","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:02,6462748","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:02,6467949","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:02,6473151","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:02,6478026","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:02,6483213","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:02,6488419","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:02,6493607","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:02,6498486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:02,6503674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:02,6508875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:02,6514067","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:02,6518947","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:02,6524526","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:02,6529760","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:02,6534967","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:02,6540168","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:02,6545360","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:02,6550240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:02,6555432","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:02,6560624","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:02,6565816","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:02,6570696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:02,6575921","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:02,6581453","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:02,6586342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:02,6591539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:02,6596736","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:02,6601928","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:02,6606808","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:02,6611995","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:02,6617192","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:02,6622375","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:02,6628878","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:02,6634102","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:02,6639295","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:02,6644496","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:02,6649698","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:02,6654890","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:02,6659774","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:02,6664961","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:02,6670158","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:02,6675346","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:02,6680230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:02,6685417","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:02,6690614","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:02,6695806","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:02,6700677","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:02,6705878","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:02,6711075","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:02,6716258","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:02,6721133","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:02,6726707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:02,6731904","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:02,6736779","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:02,6741981","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:02,6747182","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:02,6752365","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:02,6757244","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:02,6762441","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:02,6767638","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:02,6772835","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:02,6777719","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:02,6782907","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:02,6788108","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:02,6793286","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:02,6798166","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:02,6803363","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:02,6808559","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:02,6813747","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:02,6818627","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:02,6823842","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:02,6829076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:02,6834268","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:02,6839460","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:02,6844648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:02,6849518","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:02,6854715","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:02,6859907","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:02,6864782","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:02,6869974","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:02,6875166","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 368.640, Length: 4.096"
"12:27:02,6880344","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 372.736, Length: 4.096"
"12:27:02,6885219","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 376.832, Length: 4.096"
"12:27:02,6890416","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 380.928, Length: 4.096"
"12:27:02,6895282","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 385.024, Length: 4.096"
"12:27:02,6900465","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 389.120, Length: 4.096"
"12:27:02,6905657","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 393.216, Length: 4.096"
"12:27:02,6910840","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 397.312, Length: 4.096"
"12:27:02,6915710","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 401.408, Length: 4.096"
"12:27:02,6920902","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 405.504, Length: 4.096"
"12:27:02,6926509","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 409.600, Length: 4.096"
"12:27:02,6931720","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 413.696, Length: 4.096"
"12:27:02,6936604","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 417.792, Length: 4.096"
"12:27:02,6941792","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 421.888, Length: 4.096"
"12:27:02,6946989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 425.984, Length: 4.096"
"12:27:02,6952176","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 430.080, Length: 4.096"
"12:27:02,6957056","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 434.176, Length: 4.096"
"12:27:02,6962243","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 438.272, Length: 4.096"
"12:27:02,6967445","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 442.368, Length: 4.096"
"12:27:02,6972632","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 446.464, Length: 4.096"
"12:27:02,6977507","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 450.560, Length: 4.096"
"12:27:02,6982699","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 454.656, Length: 4.096"
"12:27:02,6987910","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 458.752, Length: 4.096"
"12:27:02,6993107","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 462.848, Length: 4.096"
"12:27:02,6997986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 466.944, Length: 4.096"
"12:27:02,7003174","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 471.040, Length: 4.096"
"12:27:02,7008375","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 475.136, Length: 4.096"
"12:27:02,7013568","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 479.232, Length: 4.096"
"12:27:02,7018760","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 483.328, Length: 4.096"
"12:27:02,7024008","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 487.424, Length: 4.096"
"12:27:02,7029261","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 491.520, Length: 4.096"
"12:27:02,7034462","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 495.616, Length: 4.096"
"12:27:02,7039659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 499.712, Length: 4.096"
"12:27:02,7044846","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 503.808, Length: 4.096"
"12:27:02,7049721","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 507.904, Length: 4.096"
"12:27:02,7054913","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 512.000, Length: 4.096"
"12:27:02,7060106","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 516.096, Length: 4.096"
"12:27:02,7064980","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 520.192, Length: 4.096"
"12:27:02,7070163","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 524.288, Length: 4.096"
"12:27:02,7075365","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 528.384, Length: 4.096"
"12:27:02,7080562","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 532.480, Length: 4.096"
"12:27:02,7085436","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 536.576, Length: 4.096"
"12:27:02,7090624","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 540.672, Length: 4.096"
"12:27:02,7095821","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 544.768, Length: 4.096"
"12:27:02,7100696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 548.864, Length: 4.096"
"12:27:02,7105883","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 552.960, Length: 4.096"
"12:27:02,7111089","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 557.056, Length: 4.096"
"12:27:02,7116291","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 561.152, Length: 4.096"
"12:27:02,7121469","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 565.248, Length: 4.096"
"12:27:02,7127515","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 569.344, Length: 4.096"
"12:27:02,7132721","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 573.440, Length: 4.096"
"12:27:02,7137601","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 577.536, Length: 4.096"
"12:27:02,7142783","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 581.632, Length: 4.096"
"12:27:02,7147980","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 585.728, Length: 4.096"
"12:27:02,7153158","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 589.824, Length: 4.096"
"12:27:02,7158047","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 593.920, Length: 4.096"
"12:27:02,7163239","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 598.016, Length: 4.096"
"12:27:02,7168427","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 602.112, Length: 4.096"
"12:27:02,7173306","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 606.208, Length: 4.096"
"12:27:02,7178489","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 610.304, Length: 4.096"
"12:27:02,7183686","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 614.400, Length: 4.096"
"12:27:02,7188556","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 618.496, Length: 4.096"
"12:27:02,7193748","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 622.592, Length: 4.096"
"12:27:02,7198941","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 626.688, Length: 4.096"
"12:27:02,7204137","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 630.784, Length: 4.096"
"12:27:02,7209012","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 634.880, Length: 4.096"
"12:27:02,7214195","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 638.976, Length: 4.096"
"12:27:02,7219392","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 643.072, Length: 4.096"
"12:27:02,7224635","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 647.168, Length: 4.096"
"12:27:02,7233490","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 651.264, Length: 4.096"
"12:27:02,7239904","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 655.360, Length: 4.096"
"12:27:02,7245166","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 659.456, Length: 4.096"
"12:27:02,7250382","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 663.552, Length: 4.096"
"12:27:02,7255592","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 667.648, Length: 4.096"
"12:27:02,7260798","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 671.744, Length: 4.096"
"12:27:02,7266005","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 675.840, Length: 4.096"
"12:27:02,7271211","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 679.936, Length: 4.096"
"12:27:02,7276422","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 684.032, Length: 4.096"
"12:27:02,7281618","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 688.128, Length: 4.096"
"12:27:02,7286493","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 692.224, Length: 4.096"
"12:27:02,7291685","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 696.320, Length: 4.096"
"12:27:02,7296887","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 700.416, Length: 4.096"
"12:27:02,7302084","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 704.512, Length: 4.096"
"12:27:02,7310331","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 708.608, Length: 4.096"
"12:27:02,7316741","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 712.704, Length: 4.096"
"12:27:02,7322311","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 716.800, Length: 4.096"
"12:27:02,7328334","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 720.896, Length: 4.096"
"12:27:02,7333582","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 724.992, Length: 4.096"
"12:27:02,7338793","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 729.088, Length: 4.096"
"12:27:02,7344003","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 733.184, Length: 4.096"
"12:27:02,7349219","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 737.280, Length: 4.096"
"12:27:02,7354430","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 741.376, Length: 4.096"
"12:27:02,7359645","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 745.472, Length: 4.096"
"12:27:02,7364847","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 749.568, Length: 4.096"
"12:27:02,7370053","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 753.664, Length: 4.096"
"12:27:02,7374937","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 757.760, Length: 4.096"
"12:27:02,7380507","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 761.856, Length: 4.096"
"12:27:02,7386096","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 765.952, Length: 4.096"
"12:27:02,7391348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 770.048, Length: 4.096"
"12:27:02,7396592","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 774.144, Length: 4.096"
"12:27:02,7402157","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 778.240, Length: 4.096"
"12:27:02,7407373","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 782.336, Length: 4.096"
"12:27:02,7418205","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 786.432, Length: 4.096"
"12:27:02,7423873","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 790.528, Length: 4.096"
"12:27:02,7429424","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 794.624, Length: 4.096"
"12:27:02,7434677","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 798.720, Length: 4.096"
"12:27:02,7440102","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,7440270","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 802.816, Length: 4.096"
"12:27:02,7443694","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976125, endtime: 976125, seqnum: 0, connid: 0"
"12:27:02,7445495","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 806.912, Length: 4.096"
"12:27:02,7454732","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 811.008, Length: 4.096"
"12:27:02,7461146","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 815.104, Length: 4.096"
"12:27:02,7462126","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,7464122","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,7465303","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,7466166","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,7466399","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 819.200, Length: 4.096"
"12:27:02,7467337","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,7469333","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,7470579","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976125, endtime: 976125, seqnum: 0, connid: 0"
"12:27:02,7471619","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 823.296, Length: 4.096"
"12:27:02,7476825","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 827.392, Length: 4.096"
"12:27:02,7482027","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 831.488, Length: 4.096"
"12:27:02,7487233","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 835.584, Length: 4.096"
"12:27:02,7492112","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 839.680, Length: 4.096"
"12:27:02,7497309","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 843.776, Length: 4.096"
"12:27:02,7505543","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 847.872, Length: 4.096"
"12:27:02,7511957","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 851.968, Length: 4.096"
"12:27:02,7517537","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 856.064, Length: 4.096"
"12:27:02,7522757","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 860.160, Length: 4.096"
"12:27:02,7528429","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 864.256, Length: 4.096"
"12:27:02,7533650","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 868.352, Length: 4.096"
"12:27:02,7538851","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 872.448, Length: 4.096"
"12:27:02,7544067","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 876.544, Length: 4.096"
"12:27:02,7549268","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 880.640, Length: 4.096"
"12:27:02,7554479","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 884.736, Length: 4.096"
"12:27:02,7559694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 888.832, Length: 4.096"
"12:27:02,7563188","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.206.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,7564914","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 892.928, Length: 4.096"
"12:27:02,7566048","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.206.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,7568007","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.206.899, Length: 1.460"
"12:27:02,7570144","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 897.024, Length: 4.096"
"12:27:02,7571208","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.208.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,7575359","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 901.120, Length: 4.096"
"12:27:02,7586551","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 905.216, Length: 4.096"
"12:27:02,7591771","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 909.312, Length: 4.096"
"12:27:02,7596972","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 913.408, Length: 4.096"
"12:27:02,7601857","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 917.504, Length: 4.096"
"12:27:02,7607049","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 921.600, Length: 4.096"
"12:27:02,7612255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 925.696, Length: 4.096"
"12:27:02,7617452","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 929.792, Length: 4.096"
"12:27:02,7622644","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 933.888, Length: 4.096"
"12:27:02,7627915","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 937.984, Length: 4.096"
"12:27:02,7633126","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 942.080, Length: 4.096"
"12:27:02,7638337","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 946.176, Length: 3.952"
"12:27:02,7658784","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 843.372, Length: 4.096"
"12:27:02,7663603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,7668053","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:02,7672471","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:02,7676879","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:02,7681283","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:02,7685696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:02,7690911","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:02,7695334","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:02,7699733","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:02,7704146","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:02,7708554","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:02,7712958","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:02,7719974","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:02,7727541","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:02,7732365","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:02,7736792","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:02,7741223","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:02,7746425","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:02,7750880","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:02,7755298","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:02,7758736","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.208.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,7760033","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:02,7761894","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.208.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,7763508","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.208.359, Length: 8.760"
"12:27:02,7764460","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:02,7767091","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.217.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,7768882","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:02,7773286","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:02,7777704","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:02,7782094","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:02,7786521","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:02,7790612","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:02,7796163","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:02,7800576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:02,7804989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:02,7809416","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:02,7810321","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:02,7813843","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:02,7814305","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,7816349","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:02,7818266","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:02,7819157","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:02,7821163","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:02,7822693","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:02,7823565","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,7825198","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:02,7827950","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:02,7828674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:02,7830386","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:02,7831972","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,7833581","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:02,7835088","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:02,7835214","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:02,7839538","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:02,7844362","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:02,7847632","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,7849097","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:02,7850459","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,7852022","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,7853188","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:02,7853669","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976126, endtime: 976126, seqnum: 0, connid: 0"
"12:27:02,7857592","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:02,7861996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:02,7866409","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:02,7870066","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,7870826","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:02,7871680","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,7872534","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,7873700","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,7874544","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,7875235","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:02,7876112","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976126, endtime: 976126, seqnum: 0, connid: 0"
"12:27:02,7879639","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:02,7884047","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:02,7888446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:02,7892850","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:02,7897258","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:02,7901653","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:02,7905744","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:02,7910143","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:02,7914561","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:02,7918414","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.217.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,7918974","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:02,7921992","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.217.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,7925659","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.217.119, Length: 4.380"
"12:27:02,7929274","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.221.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,7930450","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:02,7936076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:02,7940848","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:02,7945261","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:02,7949352","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:02,7953756","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:02,7958155","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:02,7962559","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:02,7966967","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:02,7971385","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:02,7975789","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:02,7979190","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.221.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,7980207","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:02,7981998","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.221.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,7983626","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.221.499, Length: 7.300"
"12:27:02,7986201","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:02,7988832","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.228.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,7990661","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:02,7995069","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:02,7999478","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:02,8003882","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:02,8008290","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:02,8012698","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:02,8017102","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:02,8021511","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:02,8027986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:02,8032739","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:02,8041813","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:02,8050144","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:02,8059083","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:02,8065138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:02,8070778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:02,8076730","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:02,8082011","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:02,8087586","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:02,8092824","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:02,8098073","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:02,8103657","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:02,8109264","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 368.640, Length: 4.096"
"12:27:02,8114848","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 372.736, Length: 4.096"
"12:27:02,8120115","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 376.832, Length: 4.096"
"12:27:02,8126114","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 380.928, Length: 4.096"
"12:27:02,8131339","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 385.024, Length: 4.096"
"12:27:02,8136582","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 389.120, Length: 4.096"
"12:27:02,8142138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 393.216, Length: 4.096"
"12:27:02,8147396","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 397.312, Length: 4.096"
"12:27:02,8153297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 401.408, Length: 4.096"
"12:27:02,8158181","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 405.504, Length: 4.096"
"12:27:02,8163952","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 409.600, Length: 4.096"
"12:27:02,8168038","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8169204","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 413.696, Length: 4.096"
"12:27:02,8171192","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8173221","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976126, endtime: 976126, seqnum: 0, connid: 0"
"12:27:02,8174397","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 417.792, Length: 4.096"
"12:27:02,8179607","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 421.888, Length: 4.096"
"12:27:02,8184893","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 425.984, Length: 4.096"
"12:27:02,8190113","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 430.080, Length: 4.096"
"12:27:02,8194904","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8194918","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 434.176, Length: 4.096"
"12:27:02,8197717","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8198949","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8200133","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8200483","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 438.272, Length: 4.096"
"12:27:02,8201332","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8203716","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8204943","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976126, endtime: 976126, seqnum: 0, connid: 0"
"12:27:02,8205731","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 442.368, Length: 4.096"
"12:27:02,8210919","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 446.464, Length: 4.096"
"12:27:02,8215393","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 450.560, Length: 4.096"
"12:27:02,8219801","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 454.656, Length: 4.096"
"12:27:02,8225031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 458.752, Length: 4.096"
"12:27:02,8230605","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 462.848, Length: 4.096"
"12:27:02,8235447","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 466.944, Length: 4.096"
"12:27:02,8240593","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 471.040, Length: 4.096"
"12:27:02,8245459","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 475.136, Length: 4.096"
"12:27:02,8250707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 479.232, Length: 4.096"
"12:27:02,8255871","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 483.328, Length: 4.096"
"12:27:02,8261133","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 487.424, Length: 4.096"
"12:27:02,8266689","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 491.520, Length: 4.096"
"12:27:02,8271956","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 495.616, Length: 4.096"
"12:27:02,8272138","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.228.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8274969","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.228.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8276747","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 499.712, Length: 4.096"
"12:27:02,8276943","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.228.799, Length: 2.920"
"12:27:02,8279760","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.231.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8281169","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 503.808, Length: 4.096"
"12:27:02,8285596","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 507.904, Length: 4.096"
"12:27:02,8290000","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 512.000, Length: 4.096"
"12:27:02,8294838","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 516.096, Length: 4.096"
"12:27:02,8300384","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 520.192, Length: 4.096"
"12:27:02,8305199","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 524.288, Length: 4.096"
"12:27:02,8309598","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 528.384, Length: 4.096"
"12:27:02,8313698","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 532.480, Length: 4.096"
"12:27:02,8318489","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 536.576, Length: 4.096"
"12:27:02,8318638","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.231.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8321465","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.231.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8323691","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 540.672, Length: 4.096"
"12:27:02,8323840","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.231.719, Length: 8.760"
"12:27:02,8327427","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.240.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8328934","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 544.768, Length: 4.096"
"12:27:02,8333692","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 548.864, Length: 4.096"
"12:27:02,8338096","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 552.960, Length: 4.096"
"12:27:02,8342183","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 557.056, Length: 4.096"
"12:27:02,8346586","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 561.152, Length: 4.096"
"12:27:02,8350986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 565.248, Length: 4.096"
"12:27:02,8355389","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 569.344, Length: 4.096"
"12:27:02,8359802","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 573.440, Length: 4.096"
"12:27:02,8364211","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 577.536, Length: 4.096"
"12:27:02,8369002","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 581.632, Length: 4.096"
"12:27:02,8373410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 585.728, Length: 4.096"
"12:27:02,8377487","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 589.824, Length: 4.096"
"12:27:02,8381905","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 593.920, Length: 4.096"
"12:27:02,8386304","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 598.016, Length: 4.096"
"12:27:02,8391063","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 602.112, Length: 4.096"
"12:27:02,8395471","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 606.208, Length: 4.096"
"12:27:02,8399865","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 610.304, Length: 4.096"
"12:27:02,8404292","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 614.400, Length: 4.096"
"12:27:02,8409545","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 618.496, Length: 4.096"
"12:27:02,8413977","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 622.592, Length: 4.096"
"12:27:02,8418782","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 626.688, Length: 4.096"
"12:27:02,8423592","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 630.784, Length: 4.096"
"12:27:02,8430043","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 634.880, Length: 4.096"
"12:27:02,8438020","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 638.976, Length: 4.096"
"12:27:02,8443637","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 643.072, Length: 4.096"
"12:27:02,8448414","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 647.168, Length: 4.096"
"12:27:02,8452827","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 651.264, Length: 4.096"
"12:27:02,8457226","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 655.360, Length: 4.096"
"12:27:02,8461322","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 659.456, Length: 4.096"
"12:27:02,8465731","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 663.552, Length: 4.096"
"12:27:02,8470139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 667.648, Length: 4.096"
"12:27:02,8474552","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 671.744, Length: 4.096"
"12:27:02,8478956","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 675.840, Length: 4.096"
"12:27:02,8483378","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 679.936, Length: 4.096"
"12:27:02,8484950","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8487754","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8488155","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 684.032, Length: 4.096"
"12:27:02,8490520","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976126, endtime: 976126, seqnum: 0, connid: 0"
"12:27:02,8492568","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 688.128, Length: 4.096"
"12:27:02,8496977","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 692.224, Length: 4.096"
"12:27:02,8501390","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 696.320, Length: 4.096"
"12:27:02,8503013","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8504958","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8505817","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8505845","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 700.416, Length: 4.096"
"12:27:02,8507422","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976126, endtime: 976126, seqnum: 0, connid: 0"
"12:27:02,8510253","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 704.512, Length: 4.096"
"12:27:02,8514662","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 708.608, Length: 4.096"
"12:27:02,8520101","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 712.704, Length: 4.096"
"12:27:02,8520236","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8521832","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8522685","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8523852","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8525410","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976126, endtime: 976126, seqnum: 0, connid: 0"
"12:27:02,8528517","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 716.800, Length: 4.096"
"12:27:02,8533354","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 720.896, Length: 4.096"
"12:27:02,8539918","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 724.992, Length: 4.096"
"12:27:02,8547583","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 729.088, Length: 4.096"
"12:27:02,8552392","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 733.184, Length: 4.096"
"12:27:02,8556796","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 737.280, Length: 4.096"
"12:27:02,8561195","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 741.376, Length: 4.096"
"12:27:02,8565603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 745.472, Length: 4.096"
"12:27:02,8570017","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 749.568, Length: 4.096"
"12:27:02,8574425","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 753.664, Length: 4.096"
"12:27:02,8578833","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 757.760, Length: 4.096"
"12:27:02,8583237","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 761.856, Length: 4.096"
"12:27:02,8587646","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 765.952, Length: 4.096"
"12:27:02,8592049","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 770.048, Length: 4.096"
"12:27:02,8595688","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.240.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8596467","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 774.144, Length: 4.096"
"12:27:02,8598524","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.240.704, EndOfFile: 407.240.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8600927","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 778.240, Length: 4.096"
"12:27:02,8603712","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.240.479, Length: 2.920, Priority: Normal"
"12:27:02,8605685","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 782.336, Length: 4.096"
"12:27:02,8610084","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 786.432, Length: 4.096"
"12:27:02,8614185","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 790.528, Length: 4.096"
"12:27:02,8618579","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 794.624, Length: 4.096"
"12:27:02,8623342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 798.720, Length: 4.096"
"12:27:02,8625357","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.243.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8628968","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 802.816, Length: 4.096"
"12:27:02,8633391","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 806.912, Length: 4.096"
"12:27:02,8638723","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.243.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8638998","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 811.008, Length: 4.096"
"12:27:02,8641522","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.243.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8643439","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 815.104, Length: 4.096"
"12:27:02,8643504","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.243.399, Length: 4.380"
"12:27:02,8646704","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.247.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8647866","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 819.200, Length: 4.096"
"12:27:02,8652279","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 823.296, Length: 4.096"
"12:27:02,8656688","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 827.392, Length: 4.096"
"12:27:02,8661096","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 831.488, Length: 4.096"
"12:27:02,8665504","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 835.584, Length: 4.096"
"12:27:02,8669908","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 839.680, Length: 4.096"
"12:27:02,8674312","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 843.776, Length: 4.096"
"12:27:02,8678716","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 847.872, Length: 4.096"
"12:27:02,8683115","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 851.968, Length: 4.096"
"12:27:02,8687206","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 856.064, Length: 4.096"
"12:27:02,8691600","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 860.160, Length: 4.096"
"12:27:02,8695748","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.247.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8698579","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.247.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8699050","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 864.256, Length: 4.096"
"12:27:02,8700548","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.247.779, Length: 2.920"
"12:27:02,8703748","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.250.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8706762","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 868.352, Length: 4.096"
"12:27:02,8712038","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 872.448, Length: 4.096"
"12:27:02,8716810","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 876.544, Length: 4.096"
"12:27:02,8721228","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 880.640, Length: 4.096"
"12:27:02,8726439","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 884.736, Length: 4.096"
"12:27:02,8730861","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 888.832, Length: 4.096"
"12:27:02,8735288","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 892.928, Length: 4.096"
"12:27:02,8736002","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.250.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8738750","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.250.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8739715","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 897.024, Length: 4.096"
"12:27:02,8741581","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.250.699, Length: 2.920"
"12:27:02,8744147","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 901.120, Length: 4.096"
"12:27:02,8744767","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.253.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8748551","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 905.216, Length: 4.096"
"12:27:02,8752950","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 909.312, Length: 4.096"
"12:27:02,8757358","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 913.408, Length: 4.096"
"12:27:02,8761771","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 917.504, Length: 4.096"
"12:27:02,8766184","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 921.600, Length: 4.096"
"12:27:02,8770588","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 925.696, Length: 4.096"
"12:27:02,8775001","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 929.792, Length: 4.096"
"12:27:02,8779410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 933.888, Length: 4.096"
"12:27:02,8783818","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 937.984, Length: 4.096"
"12:27:02,8788217","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 942.080, Length: 4.096"
"12:27:02,8792626","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 946.176, Length: 3.952"
"12:27:02,8817961","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 843.372, Length: 4.096"
"12:27:02,8819491","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8821955","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8823956","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976127, endtime: 976127, seqnum: 0, connid: 0"
"12:27:02,8826307","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 943.104, Length: 4.096"
"12:27:02,8841216","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8842849","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8844020","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8845196","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8846040","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8847603","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976127, endtime: 976127, seqnum: 0, connid: 0"
"12:27:02,8856811","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8858085","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,8859643","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976127, endtime: 976127, seqnum: 0, connid: 0"
"12:27:02,8875877","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.253.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8879469","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.253.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8881881","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.253.619, Length: 2.920"
"12:27:02,8885058","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.256.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8912530","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 845.312, Length: 4.096"
"12:27:02,8918142","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 849.408, Length: 4.096"
"12:27:02,8922924","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 853.504, Length: 4.096"
"12:27:02,8925909","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.256.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8930276","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.256.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8934903","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.256.539, Length: 4.380"
"12:27:02,8938528","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.260.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8972895","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.260.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8975680","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.260.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,8977313","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.260.919, Length: 2.920"
"12:27:02,8980509","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.263.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9007463","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.263.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9010262","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.263.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9012221","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.263.839, Length: 2.920"
"12:27:02,9015085","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.266.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9089035","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndis.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,9145733","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,9148705","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976127, endtime: 976127, seqnum: 0, connid: 0"
"12:27:02,9169828","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,9172189","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,9173784","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,9175048","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,9176620","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,9179419","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,9181071","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976127, endtime: 976127, seqnum: 0, connid: 0"
"12:27:02,9192696","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,9194721","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,9196699","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976127, endtime: 976127, seqnum: 0, connid: 0"
"12:27:02,9222664","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.266.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9226247","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.266.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9227893","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.266.759, Length: 1.460"
"12:27:02,9230702","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.268.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9343595","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.268.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9346809","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.268.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9348885","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.268.219, Length: 8.760"
"12:27:02,9352892","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.276.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9370069","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.276.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9372550","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.276.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9374897","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.276.979, Length: 2.920"
"12:27:02,9378172","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.279.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9431600","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,9434828","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:02,9438425","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:02,9441998","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:02,9444853","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:02,9447265","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,9449285","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:02,9451673","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:02,9454090","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:02,9456105","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:02,9458102","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,9460089","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:02,9462128","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:02,9464512","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:02,9467287","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:02,9469288","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,9470954","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:02,9472969","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:02,9475325","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:02,9477746","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:02,9529719","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:02,9533264","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976127, endtime: 976127, seqnum: 0, connid: 0"
"12:27:02,9612331","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.279.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9615158","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.279.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9617519","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.279.899, Length: 1.460"
"12:27:02,9619945","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.281.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:02,9649068","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:02,9653075","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:02,9655497","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:02,9657880","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:02,9659518","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:02,9661468","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:02,9663474","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:02,9695984","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:02,9700798","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,9718801","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:02,9751064","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:02,9757086","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.702.220, Length: 16.200"
"12:27:02,9778704","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,9783154","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\NETIO.SYS","NO SUCH FILE","Filter: NETIO.SYS"
"12:27:02,9785991","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:02,9808103","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,9813668","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\NETIO.SYS","SUCCESS","Filter: NETIO.SYS, 1: netio.sys"
"12:27:02,9817741","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:02,9846990","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,9852598","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:02,9854613","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:02,9861041","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,9864680","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:02,9868235","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:02,9894373","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,9897923","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:02,9899551","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:02,9905583","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,9909189","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:02,9912389","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:02,9926463","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:02,9930433","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:02,9933647","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:02,9959725","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 360.556, Length: 4.096"
"12:27:02,9963345","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 360.448, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:02,9978884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:03,0009766","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,0052273","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 369.664, Length: 7.024"
"12:27:03,0055852","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 368.640, Length: 8.048, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,0071577","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 345.600, Length: 4.096"
"12:27:03,0075533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 344.064, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,0089682","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 349.696, Length: 4.096"
"12:27:03,0093321","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 352.256, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,0130356","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 353.792, Length: 4.096"
"12:27:03,0134401","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 356.352, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,0174884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 357.888, Length: 4.096"
"12:27:03,0211854","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 361.984, Length: 4.096"
"12:27:03,0216262","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 262.656, Length: 4.096"
"12:27:03,0219826","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 262.144, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,0242139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:03,0277038","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 369.664, Length: 4.096"
"12:27:03,0281106","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 367.104, Length: 4.096"
"12:27:03,0289503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,0301888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 369.664, Length: 4.096"
"12:27:03,0325614","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 195.584, Length: 4.096"
"12:27:03,0329193","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 192.512, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,0354659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 369.664, Length: 4.096"
"12:27:03,0360737","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 373.760, Length: 2.928"
"12:27:03,0366340","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:03,0417706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,0430003","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 4.096, Length: 57.768"
"12:27:03,0434351","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 61.864, Length: 61.440"
"12:27:03,0437579","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 123.304, Length: 61.440"
"12:27:03,0442016","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 131.072, Length: 57.344, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,0457583","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 184.744, Length: 61.440"
"12:27:03,0462728","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 188.416, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,0477208","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 246.184, Length: 61.440"
"12:27:03,0482032","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 249.856, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,0497230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 307.624, Length: 61.440"
"12:27:03,0501700","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 311.296, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,0516413","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 369.064, Length: 4.096"
"12:27:03,0874302","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 264.704, Length: 4.096"
"12:27:03,0907587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 360.556, Length: 4.096"
"12:27:03,0910022","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,0917248","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 315.904, Length: 4.096"
"12:27:03,0920836","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 360.556, Length: 4.096"
"12:27:03,0925309","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,0930889","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:03,0936104","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:03,0941320","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:03,0946535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:03,0951727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:03,0956929","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:03,0961822","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:03,0967019","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:03,0972225","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:03,0977427","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:03,0982628","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:03,0987513","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:03,0992714","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:03,0997916","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:03,1003112","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:03,1008314","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:03,1013501","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:03,1018395","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:03,1023610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:03,1029166","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:03,1034363","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:03,1039257","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:03,1044449","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:03,1049664","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:03,1054870","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:03,1060072","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:03,1065273","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:03,1070153","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:03,1075350","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:03,1080556","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:03,1085757","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:03,1090950","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:03,1095829","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:03,1101021","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:03,1106223","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:03,1111424","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:03,1116616","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:03,1121491","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:03,1128312","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:03,1133536","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:03,1138733","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:03,1143939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:03,1149150","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:03,1154347","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:03,1159590","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:03,1164797","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:03,1169998","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:03,1175195","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:03,1180070","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:03,1185271","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:03,1190468","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:03,1195665","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:03,1200871","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:03,1205755","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:03,1210947","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:03,1216149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:03,1221350","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:03,1228562","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:03,1234170","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:03,1239413","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:03,1245795","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:03,1251062","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:03,1256291","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:03,1261525","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:03,1271480","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:03,1283563","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:03,1289986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:03,1295962","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:03,1301201","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:03,1306459","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:03,1311674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:03,1316880","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:03,1322096","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:03,1328123","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:03,1333683","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:03,1338922","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:03,1344558","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:03,1350128","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:03,1356570","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:03,1362196","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:03,1367416","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:03,1372618","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:03,1377824","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:03,1383025","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:03,1388222","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:03,1393111","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:03,1398308","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:03,1403514","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:03,1408720","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:03,1413921","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 368.640, Length: 4.096"
"12:27:03,1419123","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 372.736, Length: 3.952"
"12:27:03,1441221","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 360.556, Length: 4.096"
"12:27:03,1446880","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,1451666","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:03,1456084","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:03,1460502","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:03,1464915","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:03,1469328","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:03,1473736","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:03,1478140","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:03,1482548","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:03,1486961","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:03,1491365","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:03,1495769","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:03,1500182","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:03,1504590","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:03,1508985","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:03,1513081","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:03,1517480","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:03,1521893","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:03,1526297","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,1526670","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:03,1531451","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:03,1534736","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:03,1535888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:03,1538281","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:03,1540348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:03,1544770","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:03,1549183","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:03,1553596","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:03,1557608","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:03,1558019","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:03,1562777","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:03,1567190","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:03,1571598","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:03,1576012","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:03,1580425","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:03,1584875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:03,1589307","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:03,1593715","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:03,1598133","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:03,1598777","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,1602537","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:03,1605956","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:01, FileAttributes: ANCI"
"12:27:03,1606959","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:03,1607985","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:03,1611689","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:03,1614428","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,1616121","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:03,1619247","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:03,1620539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:03,1624835","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,1625745","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:03,1630233","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:03,1634651","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:03,1639372","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:03,1640925","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,1643803","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:03,1645702","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:03,1648226","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:03,1649303","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,1652639","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:03,1657057","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:03,1661488","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:03,1662160","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,1665901","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:03,1669811","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:03,1670692","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:03,1675129","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:03,1675824","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,1679556","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:03,1683974","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:03,1688377","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:03,1692795","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:03,1694307","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,1697218","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:03,1699536","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:03,1701635","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:03,1702755","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,1706062","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:03,1710802","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:03,1715210","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:03,1719638","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:03,1725278","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:03,1730115","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:03,1734906","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:03,1739343","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:03,1743005","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,1746988","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:03,1752624","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:01, FileAttributes: ANCI"
"12:27:03,1753034","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:03,1757737","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:03,1759071","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:03,1764678","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:03,1769842","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:03,1774321","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:03,1779070","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:03,1783539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:03,1787005","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,1788320","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:03,1791838","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:01, LastWriteTime: 06.10.2013 12:27:01, ChangeTime: 06.10.2013 12:27:01, FileAttributes: DNCI"
"12:27:03,1792757","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:03,1793806","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:03,1797954","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:03,1802796","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:03,1807228","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:03,1811991","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:03,1815545","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,1816422","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:03,1819930","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:03,1820849","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:03,1821577","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:03,1826489","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:03,1831658","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:03,1836519","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:03,1841707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:03,1846143","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:03,1850915","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:03,1854755","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,1855706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:03,1859979","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,1860558","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:03,1862027","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,1865353","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 368.640, Length: 4.096"
"12:27:03,1870149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 372.736, Length: 3.952"
"12:27:03,1885315","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,1889719","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,1891352","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:03,1894855","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 360.556, Length: 4.096"
"12:27:03,1903648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 369.664, Length: 4.096"
"12:27:03,1913753","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,1917816","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:03,1919794","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:03,1952468","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,1957352","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:03,1959349","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:03,1981778","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,1983159","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 368.128, Length: 4.096"
"12:27:03,1985832","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:03,1987786","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,2009035","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2013061","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:03,2014689","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,2038742","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2042773","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:03,2044401","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:03,2050363","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2054785","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,2061251","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2066821","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:03,2068831","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,2082845","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2088518","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:03,2090958","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:03,2099970","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:03,2102839","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:01, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7400000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:03,2105652","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:03,2116862","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2123300","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:03,2126071","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:03,2140033","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,2142958","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:03,2181748","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2187318","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:01, FileAttributes: ANCI"
"12:27:03,2188983","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:03,2195384","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2200165","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:03,2204177","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,2217813","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2222240","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:03,2225869","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,2239053","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2243125","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:03,2246311","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,2262359","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2267990","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:03,2271176","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,2294874","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2299632","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:01, FileAttributes: ANCI"
"12:27:03,2301284","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:03,2322589","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2327762","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:01, LastWriteTime: 06.10.2013 12:27:01, ChangeTime: 06.10.2013 12:27:01, FileAttributes: DNCI"
"12:27:03,2329395","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:03,2350635","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2354656","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:03,2356289","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:03,2377897","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2381932","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,2383560","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,2405971","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2409992","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,2411611","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:03,2439312","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2443342","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:03,2445302","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:03,2466163","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2470180","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:03,2471799","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:03,2493827","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2497834","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:03,2499472","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,2521528","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2526351","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:03,2527979","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,2550012","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2554029","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:03,2555647","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:03,2561255","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2565668","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,2572451","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2578081","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:03,2580083","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,2594171","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2600147","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:03,2602601","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:03,2611623","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:03,2614823","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:01, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7400000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:03,2617655","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:03,2639296","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:27:03,2648332","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes189.wohnheim.uni-kl.de:55483","SUCCESS","Length: 25, seqnum: 0, connid: 0"
"12:27:03,2673798","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:03,2678160","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,2680590","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:03,2682988","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,2684639","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:03,2685232","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2686603","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:03,2688609","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:03,2691623","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:01, FileAttributes: ANCI"
"12:27:03,2694422","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:03,2702828","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2708459","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:03,2713250","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,2724329","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:03,2729157","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,2737233","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2744020","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:03,2747323","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:03,2748074","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,2763277","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2767742","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:03,2770932","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,2778019","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,2783710","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.110.570, Length: 16.200"
"12:27:03,2785403","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2790157","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:03,2793017","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,2805370","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,2809801","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\ksecpkg.sys","NO SUCH FILE","Filter: ksecpkg.sys"
"12:27:03,2812978","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:03,2827925","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2831134","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,2835594","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:01, FileAttributes: ANCI"
"12:27:03,2837983","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Filter: ksecpkg.sys, 1: ksecpkg.sys"
"12:27:03,2838006","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:03,2843203","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:03,2865291","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2869705","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:01, LastWriteTime: 06.10.2013 12:27:01, ChangeTime: 06.10.2013 12:27:01, FileAttributes: DNCI"
"12:27:03,2871664","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:03,2873311","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,2878904","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:03,2880915","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:03,2887735","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,2891355","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:03,2894135","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2894606","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:03,2898175","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:03,2899803","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:03,2922666","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,2925470","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2927863","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:03,2929505","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:03,2930690","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,2932654","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,2935924","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,2939861","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:03,2943113","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:03,2955097","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2957183","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,2959137","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,2960770","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:03,2961180","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:03,2964404","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:03,2982765","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,2986437","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:03,2988060","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:03,2990859","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 141.420, Length: 4.096"
"12:27:03,2994456","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 139.264, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,3009463","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:03,3010112","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3014114","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:03,3015733","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:03,3038153","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3042575","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:03,3044199","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,3055194","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,3065098","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3069077","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:03,3070696","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,3091577","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3095565","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:03,3097189","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:03,3098901","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 147.456, Length: 7.024"
"12:27:03,3102889","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 147.456, Length: 7.024, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,3103150","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3107554","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,3114006","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3118526","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 141.312, Length: 4.096"
"12:27:03,3119590","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:03,3121265","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,3124927","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 56.832, Length: 4.096"
"12:27:03,3136892","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3142108","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:01, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:03,3145728","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:03,3148490","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:03,3150192","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 144.896, Length: 4.096"
"12:27:03,3157955","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,3160800","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:03,3164276","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,3165582","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:03,3176699","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:03,3199184","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 151.552, Length: 2.928"
"12:27:03,3204815","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:03,3252925","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,3258117","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 4.096, Length: 57.760"
"12:27:03,3260972","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 61.856, Length: 61.440"
"12:27:03,3264191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 123.296, Length: 24.160"
"12:27:03,3363411","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:03,3403623","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3408451","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:01, LastWriteTime: 06.10.2013 12:27:01, ChangeTime: 06.10.2013 12:27:01, FileAttributes: DNCI"
"12:27:03,3410439","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:03,3415570","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 148.827, Length: 4.096"
"12:27:03,3416508","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3421285","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:03,3428082","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,3442184","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3446956","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:03,3450222","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,3463410","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3467804","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:03,3470654","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,3483856","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3487836","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 141.420, Length: 4.096"
"12:27:03,3488288","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:03,3491012","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,3491479","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,3498616","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:03,3502610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 141.420, Length: 4.096"
"12:27:03,3513572","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3517589","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:01, LastWriteTime: 06.10.2013 12:27:01, ChangeTime: 06.10.2013 12:27:01, FileAttributes: DNCI"
"12:27:03,3519217","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:03,3538759","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:03,3542062","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3546101","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:01, LastWriteTime: 06.10.2013 12:27:01, ChangeTime: 06.10.2013 12:27:01, FileAttributes: DNCI"
"12:27:03,3547720","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:03,3568526","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3572533","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:03,3574157","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:03,3595047","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3599035","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,3600654","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,3610576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 146.432, Length: 4.096"
"12:27:03,3621506","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3627949","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,3629894","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:03,3651148","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3654824","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:03,3656443","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:03,3676852","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3680836","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:03,3682492","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:03,3694803","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksecpkg.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,3703340","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3707314","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:03,3708933","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,3723325","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes189.wohnheim.uni-kl.de:55483","SUCCESS","Length: 25, seqnum: 0, connid: 0"
"12:27:03,3731003","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3734675","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:03,3737017","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,3757897","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3761890","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:03,3763504","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:03,3769102","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3773166","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,3779599","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3785169","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:03,3787175","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,3800419","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3805643","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:27:03,3808069","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:27:03,3817129","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:27:03,3823594","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:27:03,3828381","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:27:03,3831138","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:03,3839633","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3846014","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:03,3848449","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:03,3864903","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:03,3878903","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:03,3918037","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3923267","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:03,3925296","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:03,3932125","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3937257","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:03,3940947","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,3955357","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3959803","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:03,3963381","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,3976648","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,3981066","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:03,3984280","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,3997851","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4002268","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:03,4005473","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,4029988","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4034000","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:03,4035632","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:03,4057292","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4061673","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:03,4063305","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:03,4084942","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4088958","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,4090945","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,4112670","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4117018","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,4118637","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:03,4143086","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4147112","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:03,4148740","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:03,4170768","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4174775","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:03,4176394","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:03,4197643","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4201301","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:03,4202910","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,4219998","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:03,4223371","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4224756","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,4227219","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:03,4227788","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:03,4229995","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,4230177","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,4231992","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:03,4233979","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:03,4236004","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:03,4251412","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4255093","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:03,4257029","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:03,4262309","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4266709","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,4268108","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:03,4272927","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,4273505","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4278763","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:03,4280764","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,4293961","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4301365","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:27:03,4305349","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:27:03,4307448","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:03,4314879","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:27:03,4320435","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:03,4336893","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,4342137","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:27:03,4342916","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.420.502, Length: 16.200"
"12:27:03,4346550","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.424.832, Length: 12.288, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,4376145","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,4380936","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\tcpip.sys","NO SUCH FILE","Filter: tcpip.sys"
"12:27:03,4384103","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:03,4399824","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,4403785","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Filter: tcpip.sys, 1: tcpip.sys"
"12:27:03,4407778","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:03,4432694","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:03,4435470","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,4440736","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:03,4442747","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:03,4449157","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,4453131","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:03,4456355","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:03,4457568","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4462032","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:01, LastWriteTime: 06.10.2013 12:27:01, ChangeTime: 06.10.2013 12:27:01, FileAttributes: DNCI"
"12:27:03,4464015","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:03,4470075","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4474866","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:03,4478873","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,4491436","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,4492877","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4495447","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:03,4497327","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:03,4497463","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:03,4500934","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,4504628","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,4508621","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:03,4512293","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:03,4514140","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4518241","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:03,4521446","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,4528480","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,4536070","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:03,4540908","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:03,4542009","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4547187","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:03,4550411","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,4566561","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.748.076, Length: 4.096"
"12:27:03,4570195","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.744.896, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,4576847","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:03,4587735","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:03,4598954","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4603321","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:01, LastWriteTime: 06.10.2013 12:27:01, ChangeTime: 06.10.2013 12:27:01, FileAttributes: DNCI"
"12:27:03,4604949","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:03,4618235","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,4626585","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4630630","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:03,4632454","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:03,4632678","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.813.518, Length: 4.096"
"12:27:03,4634231","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:03,4635290","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:03,4636326","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.810.432, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,4637333","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:03,4640501","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:03,4644088","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:03,4655900","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4657379","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:27:03,4659931","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,4661554","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,4666989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.813.518, Length: 4.096"
"12:27:03,4682808","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4686810","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,4688429","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:03,4694130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,4700903","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.903.104, Length: 7.104"
"12:27:03,4704500","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.900.544, Length: 9.664, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,4709636","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4713294","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:03,4714908","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:03,4720007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.750.016, Length: 4.096"
"12:27:03,4724037","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.753.088, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,4737318","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4738149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.754.112, Length: 4.096"
"12:27:03,4741354","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:03,4741759","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.757.184, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,4742977","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:03,4755241","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.310.720, Length: 4.096"
"12:27:03,4759225","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.310.720, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,4763872","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4767851","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:03,4769456","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,4781412","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.758.208, Length: 4.096"
"12:27:03,4785013","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.761.280, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,4791101","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4795108","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:03,4796727","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,4817547","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4821232","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:03,4822599","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.762.304, Length: 4.096"
"12:27:03,4823201","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:03,4828640","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.765.376, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,4828864","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4833254","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,4839701","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,4845271","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:03,4847268","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,4854727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.312.768, Length: 4.096"
"12:27:03,4858338","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.314.816, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,4861361","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:27:03,4877184","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.764.352, Length: 4.096"
"12:27:03,4906499","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.768.448, Length: 4.096"
"12:27:03,4909727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.769.472, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,4943759","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:03,4946949","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:03,4952944","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.314.816, Length: 4.096"
"12:27:03,4956480","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,4958906","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,4961290","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:03,4963347","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.903.104, Length: 4.096"
"12:27:03,4967419","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.769.984, Length: 4.096"
"12:27:03,4970526","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:03,4970610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.773.568, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,4972933","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:03,4975350","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:27:03,4984988","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.810.944, Length: 4.096"
"12:27:03,4995069","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,4999034","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:03,4999860","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.747.968, Length: 4.096"
"12:27:03,5013897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.903.104, Length: 4.096"
"12:27:03,5038761","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.907.200, Length: 3.008"
"12:27:03,5042629","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5044420","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:03,5048213","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:01, FileAttributes: ANCI"
"12:27:03,5050214","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:03,5056647","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5061433","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:03,5065478","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,5082356","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5087539","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:03,5091499","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,5102093","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,5105177","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5108522","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 4.096, Length: 57.760"
"12:27:03,5109959","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:03,5113275","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 61.856, Length: 61.440"
"12:27:03,5114022","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,5117707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 123.296, Length: 61.440"
"12:27:03,5131296","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5136069","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:03,5139255","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,5148496","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 184.736, Length: 61.440"
"12:27:03,5152564","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 246.176, Length: 61.440"
"12:27:03,5162594","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5167385","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:01, FileAttributes: ANCI"
"12:27:03,5169022","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:03,5186119","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 307.616, Length: 61.440"
"12:27:03,5190187","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 369.056, Length: 61.440"
"12:27:03,5193747","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 430.496, Length: 61.440"
"12:27:03,5196616","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 491.936, Length: 61.440"
"12:27:03,5202270","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5207494","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: DNCI"
"12:27:03,5209477","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:03,5219745","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 553.376, Length: 61.440"
"12:27:03,5224951","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 614.816, Length: 61.440"
"12:27:03,5228589","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 676.256, Length: 61.440"
"12:27:03,5231813","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 737.696, Length: 61.440"
"12:27:03,5233917","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5238717","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:03,5240364","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:03,5262840","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5263568","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 799.136, Length: 61.440"
"12:27:03,5267253","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,5267631","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 860.576, Length: 61.440"
"12:27:03,5269226","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,5272030","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 922.016, Length: 61.440"
"12:27:03,5275235","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 983.456, Length: 61.440"
"12:27:03,5278071","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.044.896, Length: 4.096"
"12:27:03,5292099","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5296157","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,5298159","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:03,5320975","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5327828","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:03,5329461","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:03,5350700","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5355058","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:03,5356681","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:03,5377585","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5381587","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:03,5383206","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,5404068","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5408057","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:03,5409675","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,5431685","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5435706","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:03,5437334","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:03,5442974","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5447397","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,5454184","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5459437","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:03,5461443","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,5476287","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5483900","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:01, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:03,5487856","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:03,5490296","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:03,5498614","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:03,5503003","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:27:03,5506637","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:03,5509054","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:00, LastWriteTime: 06.10.2013 12:27:00, ChangeTime: 06.10.2013 12:27:01, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:03,5549961","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:03,5587925","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5593495","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: ANCI"
"12:27:03,5595188","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:03,5602009","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5607607","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:03,5611595","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,5626439","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5630894","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:03,5637845","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,5656286","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5661506","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:03,5664725","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,5678771","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5683539","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:03,5686762","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,5710073","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5714864","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: ANCI"
"12:27:03,5717271","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:03,5759354","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5764565","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: DNCI"
"12:27:03,5766548","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:03,5779335","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes189.wohnheim.uni-kl.de:52771","SUCCESS","Length: 25, seqnum: 0, connid: 0"
"12:27:03,5789033","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5793404","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:03,5795042","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:03,5816757","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5821114","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,5822738","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,5850443","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5854810","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,5856433","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:03,5878069","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5882100","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:03,5883714","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:03,5904203","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5908210","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:03,5909829","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:03,5943473","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5948660","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:03,5950335","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,5972797","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,5977168","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:03,5978791","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,6000078","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6004426","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:03,6006054","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:03,6011708","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6016130","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,6023291","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6028931","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:03,6030937","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,6045394","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6053039","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:03,6056986","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:03,6059421","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:03,6067781","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:03,6072189","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: ANCI"
"12:27:03,6087043","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:27:03,6172748","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:03,6196852","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6201284","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: DNCI"
"12:27:03,6203257","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:03,6209270","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6213749","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:03,6214677","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.048.992, Length: 61.440"
"12:27:03,6217747","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,6219090","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.110.432, Length: 61.440"
"12:27:03,6226680","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.171.872, Length: 61.440"
"12:27:03,6230309","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.233.312, Length: 61.440"
"12:27:03,6232577","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6233892","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.294.752, Length: 61.440"
"12:27:03,6238156","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:03,6241762","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,6254614","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6256410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.356.192, Length: 61.440"
"12:27:03,6259466","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:03,6261290","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.417.632, Length: 61.440"
"12:27:03,6263048","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,6264877","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.479.072, Length: 61.440"
"12:27:03,6268105","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.540.512, Length: 61.440"
"12:27:03,6277496","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6281923","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:03,6285114","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,6291981","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.601.952, Length: 61.440"
"12:27:03,6300028","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.663.392, Length: 61.440"
"12:27:03,6304777","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.724.832, Length: 61.440"
"12:27:03,6309586","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.786.272, Length: 61.440"
"12:27:03,6312819","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.847.712, Length: 55.392"
"12:27:03,6317522","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:03,6343580","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6348026","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: DNCI"
"12:27:03,6349995","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:03,6371650","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6375685","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:03,6377318","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:03,6398972","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6402994","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,6404939","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:03,6437030","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6445081","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:03,6447129","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:03,6470310","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6474382","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:03,6476006","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:03,6496826","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6500851","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:03,6502475","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:03,6524092","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6529341","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:03,6530964","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:03,6552194","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6556206","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:03,6557825","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:03,6579065","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6583072","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:03,6584700","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:03,6590331","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6594749","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,6601555","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6607134","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:03,6609135","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:03,6616021","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: ANCI"
"12:27:03,6627604","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:03,6673629","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:03,6715339","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:03,6716612","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:27:03,6735743","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:03,6738542","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:03,6743730","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:27:03,6928846","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes189.wohnheim.uni-kl.de:52771","SUCCESS","Length: 25, seqnum: 0, connid: 0"
"12:27:03,7076032","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.904.456, Length: 4.096"
"12:27:03,7148703","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.748.076, Length: 4.096"
"12:27:03,7152272","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,7161089","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.468.928, Length: 4.096"
"12:27:03,7165539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.748.076, Length: 4.096"
"12:27:03,7205262","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 1.903.104, Length: 4.096"
"12:27:03,7428692","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpip.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,7872576","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:03,7876648","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,7879410","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:03,7881808","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,7884220","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:03,7885866","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:03,7887886","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:03,7946455","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tcpip.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:03,7950920","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tcpip.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,7965330","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tcpip.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:03,7994962","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tcpip.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,8001325","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.490.486, Length: 16.200"
"12:27:03,8022224","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,8027827","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\tcpip.sys.mui","SUCCESS","Filter: tcpip.sys.mui, 1: tcpip.sys.mui"
"12:27:03,8031834","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:03,8053862","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,8057898","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\tcpip.sys.mui","SUCCESS","Filter: tcpip.sys.mui, 1: tcpip.sys.mui"
"12:27:03,8061527","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:03,8087623","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,8093184","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:03,8095204","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:03,8101273","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,8104893","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:03,8108424","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:03,8135742","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,8139348","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:03,8141340","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:03,8144326","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8147176","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8147400","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,8149196","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976136, endtime: 976136, seqnum: 0, connid: 0"
"12:27:03,8151002","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:03,8156614","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:03,8169881","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,8173496","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:03,8174551","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8176706","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:03,8177312","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8178553","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8179733","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8180909","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8182962","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8184179","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976136, endtime: 976136, seqnum: 0, connid: 0"
"12:27:03,8244297","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.281.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8246783","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.281.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8248743","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.281.359, Length: 2.920"
"12:27:03,8251934","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.284.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8285759","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tcpip.sys.mui","SUCCESS","Offset: 49.664, Length: 2.048"
"12:27:03,8294231","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tcpip.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,8335614","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.284.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8338413","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.284.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8340055","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.284.279, Length: 8.760"
"12:27:03,8351657","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.293.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8523954","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8527131","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8528372","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:27:03,8530019","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 976136, endtime: 976136, seqnum: 0, connid: 0"
"12:27:03,8552467","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8554086","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8555257","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8556110","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8557276","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8559282","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:27:03,8560500","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 976136, endtime: 976136, seqnum: 0, connid: 0"
"12:27:03,8576347","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8579127","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8581091","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8583172","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976136, endtime: 976136, seqnum: 0, connid: 0"
"12:27:03,8610817","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.293.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8614871","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.293.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8617292","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.293.039, Length: 3.472"
"12:27:03,8621621","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.296.511, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8634487","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,8638144","swi_service.exe","2116","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read"
"12:27:03,8644120","swi_service.exe","2116","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read"
"12:27:03,8647386","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,8649779","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,8651808","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DnsCache\Parameters","REPARSE","Desired Access: Read"
"12:27:03,8653814","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DnsCache\Parameters","SUCCESS","Desired Access: Read"
"12:27:03,8656184","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Dnscache\Parameters","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,8658577","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,8659295","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.296.511, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8660602","swi_service.exe","2116","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\Windows NT\DnsClient","REPARSE","Desired Access: Read"
"12:27:03,8662122","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.296.511, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8662635","swi_service.exe","2116","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
"12:27:03,8664091","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.296.511, Length: 4.380"
"12:27:03,8665038","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,8667011","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DNS","REPARSE","Desired Access: Query Value"
"12:27:03,8668667","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DNS","NAME NOT FOUND","Desired Access: Query Value"
"12:27:03,8670421","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.300.891, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8671032","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\QueryAdapterName","NAME NOT FOUND","Length: 144"
"12:27:03,8673001","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DisableAdapterDomainName","NAME NOT FOUND","Length: 144"
"12:27:03,8674657","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\UseDomainNameDevolution","NAME NOT FOUND","Length: 144"
"12:27:03,8676225","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\UseDomainNameDevolution","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:03,8677853","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DomainNameDevolutionLevel","NAME NOT FOUND","Length: 144"
"12:27:03,8679098","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\PrioritizeRecordData","NAME NOT FOUND","Length: 144"
"12:27:03,8680656","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\PrioritizeRecordData","NAME NOT FOUND","Length: 144"
"12:27:03,8682242","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\AllowUnqualifiedQuery","NAME NOT FOUND","Length: 144"
"12:27:03,8683483","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\AllowUnqualifiedQuery","NAME NOT FOUND","Length: 144"
"12:27:03,8685074","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\AppendToMultiLabelName","NAME NOT FOUND","Length: 144"
"12:27:03,8686632","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\ScreenBadTlds","NAME NOT FOUND","Length: 144"
"12:27:03,8687892","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\ScreenUnreachableServers","NAME NOT FOUND","Length: 144"
"12:27:03,8689455","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\ScreenDefaultServers","NAME NOT FOUND","Length: 144"
"12:27:03,8690700","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DynamicServerQueryOrder","NAME NOT FOUND","Length: 144"
"12:27:03,8692268","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\FilterClusterIp","NAME NOT FOUND","Length: 144"
"12:27:03,8693513","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\WaitForNameErrorOnAll","NAME NOT FOUND","Length: 144"
"12:27:03,8695071","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\UseEdns","NAME NOT FOUND","Length: 144"
"12:27:03,8696321","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DnsSecureNameQueryFallback","NAME NOT FOUND","Length: 144"
"12:27:03,8697884","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\EnableDAForAllNetworks","NAME NOT FOUND","Length: 144"
"12:27:03,8699144","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DirectAccessQueryOrder","NAME NOT FOUND","Length: 144"
"12:27:03,8699927","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.300.891, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8700749","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\QueryIpMatching","NAME NOT FOUND","Length: 144"
"12:27:03,8702321","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\UseHostsFile","NAME NOT FOUND","Length: 144"
"12:27:03,8702782","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.300.891, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8703883","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\AddrConfigControl","NAME NOT FOUND","Length: 144"
"12:27:03,8704756","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.300.891, Length: 3.828"
"12:27:03,8705157","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegistrationEnabled","NAME NOT FOUND","Length: 144"
"12:27:03,8706720","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DisableDynamicUpdate","NAME NOT FOUND","Length: 144"
"12:27:03,8707970","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.304.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8708334","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegisterPrimaryName","NAME NOT FOUND","Length: 144"
"12:27:03,8709584","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegisterAdapterName","NAME NOT FOUND","Length: 144"
"12:27:03,8711151","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration","NAME NOT FOUND","Length: 144"
"12:27:03,8712747","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegisterReverseLookup","NAME NOT FOUND","Length: 144"
"12:27:03,8713992","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DisableReverseAddressRegistrations","NAME NOT FOUND","Length: 144"
"12:27:03,8715583","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegisterWanAdapters","NAME NOT FOUND","Length: 144"
"12:27:03,8717151","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DisableWanDynamicUpdate","NAME NOT FOUND","Length: 144"
"12:27:03,8718415","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegistrationTtl","NAME NOT FOUND","Length: 144"
"12:27:03,8719982","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DefaultRegistrationTTL","NAME NOT FOUND","Length: 144"
"12:27:03,8721564","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegistrationRefreshInterval","NAME NOT FOUND","Length: 144"
"12:27:03,8725608","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval","NAME NOT FOUND","Length: 144"
"12:27:03,8727563","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegistrationMaxAddressCount","NAME NOT FOUND","Length: 144"
"12:27:03,8728822","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister","NAME NOT FOUND","Length: 144"
"12:27:03,8730413","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\UpdateSecurityLevel","NAME NOT FOUND","Length: 144"
"12:27:03,8731976","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\UpdateSecurityLevel","NAME NOT FOUND","Length: 144"
"12:27:03,8733240","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\UpdateTopLevelDomainZones","NAME NOT FOUND","Length: 144"
"12:27:03,8734803","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy","NAME NOT FOUND","Length: 144"
"12:27:03,8736053","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegistrationOverwrite","NAME NOT FOUND","Length: 144"
"12:27:03,8737607","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\MaxCacheSize","NAME NOT FOUND","Length: 144"
"12:27:03,8738866","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\MaxCacheTtl","NAME NOT FOUND","Length: 144"
"12:27:03,8739109","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.304.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8740434","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\MaxNegativeCacheTtl","NAME NOT FOUND","Length: 144"
"12:27:03,8741689","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\AdapterTimeoutLimit","NAME NOT FOUND","Length: 144"
"12:27:03,8742752","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.306.240, EndOfFile: 407.304.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8743275","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\ServerPriorityTimeLimit","NAME NOT FOUND","Length: 144"
"12:27:03,8744837","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\MaxCachedSockets","NAME NOT FOUND","Length: 144"
"12:27:03,8746078","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\EnableMulticast","NAME NOT FOUND","Length: 144"
"12:27:03,8747641","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\MulticastResponderFlags","NAME NOT FOUND","Length: 144"
"12:27:03,8749251","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\MulticastSenderFlags","NAME NOT FOUND","Length: 144"
"12:27:03,8752810","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.304.719, Length: 2.920, Priority: Normal"
"12:27:03,8753519","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\MulticastSenderMaxTimeout","NAME NOT FOUND","Length: 144"
"12:27:03,8755562","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DnsTest","NAME NOT FOUND","Length: 144"
"12:27:03,8757162","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\UseCompartments","NAME NOT FOUND","Length: 144"
"12:27:03,8758790","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\CacheAllCompartments","NAME NOT FOUND","Length: 144"
"12:27:03,8760787","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\UseNewRegistration","NAME NOT FOUND","Length: 144"
"12:27:03,8762406","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\ResolverRegistration","NAME NOT FOUND","Length: 144"
"12:27:03,8763978","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\ResolverRegistrationOnly","NAME NOT FOUND","Length: 144"
"12:27:03,8766366","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,8769217","swi_service.exe","2116","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Query Value"
"12:27:03,8772030","swi_service.exe","2116","RegSetInfoKey","HKLM\SYSTEM\Setup","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,8773630","swi_service.exe","2116","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:03,8776032","swi_service.exe","2116","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:27:03,8777292","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.307.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8777651","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DnsQueryTimeouts","NAME NOT FOUND","Length: 144"
"12:27:03,8779237","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DnsQueryTimeouts","NAME NOT FOUND","Length: 144"
"12:27:03,8779727","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.307.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8780865","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DnsQuickQueryTimeouts","NAME NOT FOUND","Length: 144"
"12:27:03,8781724","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.307.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8782428","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DnsQuickQueryTimeouts","NAME NOT FOUND","Length: 144"
"12:27:03,8783716","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.307.639, Length: 1.460"
"12:27:03,8784443","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,8786566","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.309.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8786860","swi_service.exe","2116","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\System\DNSClient","REPARSE","Desired Access: Query Value"
"12:27:03,8789300","swi_service.exe","2116","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient","NAME NOT FOUND","Desired Access: Query Value"
"12:27:03,8791637","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,8793307","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,8795271","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 20, Data: Error3725"
"12:27:03,8796894","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 20, Data: Error3725"
"12:27:03,8845807","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,8848223","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:03,8850663","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:03,8853098","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,8855039","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}\SearchList","NAME NOT FOUND","Length: 144"
"12:27:03,8857492","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS",""
"12:27:03,8862694","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8865530","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8867555","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976137, endtime: 976137, seqnum: 0, connid: 0"
"12:27:03,8875971","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8877963","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976137, endtime: 976137, seqnum: 0, connid: 0"
"12:27:03,8889793","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,8893884","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:03,8897532","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:03,8901469","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,8906270","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8907935","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:03,8909055","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8911061","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976137, endtime: 976137, seqnum: 0, connid: 0"
"12:27:03,8911187","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS","Desired Access: Query Value"
"12:27:03,8914737","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:03,8917568","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:03,8919957","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:03,8934750","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8936718","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8937894","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8938747","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8939904","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,8941164","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976137, endtime: 976137, seqnum: 0, connid: 0"
"12:27:03,8951805","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.309.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8955215","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.309.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8958438","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.309.099, Length: 2.920"
"12:27:03,8962016","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.312.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,8965650","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,8968832","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:03,8971990","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:03,8974827","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,8976483","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\RegistrationEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:03,8978829","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\RegisterAdapterName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:03,8980453","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,8982071","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpDomain","SUCCESS","Type: REG_SZ, Length: 38, Data: wohnheim.uni-kl.de"
"12:27:03,8984474","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:03,8986503","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,8988518","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:03,8990883","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:03,8992922","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,8994522","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:03,8996491","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS",""
"12:27:03,9014596","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9017455","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:03,9020287","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:03,9026198","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9029412","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9031469","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9033442","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:03,9040109","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:03,9045310","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:03,9047073","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.312.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9049891","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.312.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9050311","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9051860","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.312.019, Length: 1.460"
"12:27:03,9053502","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:03,9054337","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.313.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9056305","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:03,9058745","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9060700","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9062314","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9063914","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:03,9065551","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:03,9067585","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:03,9085933","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.313.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9087999","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9089516","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.313.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9090379","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:03,9091577","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.313.479, Length: 2.920"
"12:27:03,9092450","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","NAME NOT FOUND","Desired Access: Read"
"12:27:03,9094736","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.316.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9110667","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9113839","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:03,9116647","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:03,9119451","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9123435","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.316.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9126313","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.316.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9127111","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:03,9128296","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.316.399, Length: 7.300"
"12:27:03,9129112","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","Desired Access: Query Value"
"12:27:03,9131906","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.323.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9131930","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableDhcp","NAME NOT FOUND","Length: 144"
"12:27:03,9134281","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:03,9135895","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:03,9137906","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9139902","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:03,9141936","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","SUCCESS","Desired Access: Read"
"12:27:03,9143947","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9145561","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled","NAME NOT FOUND","Length: 144"
"12:27:03,9147152","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName","NAME NOT FOUND","Length: 144"
"12:27:03,9148705","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain","NAME NOT FOUND","Length: 144"
"12:27:03,9149960","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain","NAME NOT FOUND","Length: 144"
"12:27:03,9151551","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:03,9153211","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9155171","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:03,9157172","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","NAME NOT FOUND","Desired Access: Read"
"12:27:03,9159565","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9161198","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:03,9163162","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","NAME NOT FOUND","Desired Access: Read"
"12:27:03,9172697","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:03,9176313","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9178720","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:03,9181090","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9182671","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9184056","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:03,9185894","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:03,9188064","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:03,9189057","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","SUCCESS","Desired Access: Read"
"12:27:03,9190555","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:03,9191870","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9193858","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:03,9195500","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:03,9197487","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:03,9200216","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9200323","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9202343","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:03,9203048","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9204690","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","SUCCESS","Desired Access: Read"
"12:27:03,9205077","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976137, endtime: 976137, seqnum: 0, connid: 0"
"12:27:03,9206719","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9208328","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:03,9209915","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:03,9211538","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:03,9218778","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9220793","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:03,9225724","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:03,9227847","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:03,9230538","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9233449","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,9233543","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9236360","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976137, endtime: 976137, seqnum: 0, connid: 0"
"12:27:03,9238119","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:03,9240512","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475fac-f615-4e2a-8127-ed2d902b06d8}","SUCCESS","Desired Access: Query Value"
"12:27:03,9242957","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:03,9245359","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:03,9246969","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:03,9249007","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9250799","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9252417","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9252963","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:03,9253621","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9254479","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9256056","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976137, endtime: 976137, seqnum: 0, connid: 0"
"12:27:03,9261262","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 248, Length: 4.096"
"12:27:03,9267266","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9268871","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9269724","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9271278","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976137, endtime: 976137, seqnum: 0, connid: 0"
"12:27:03,9279694","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:03,9283108","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9285427","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\RegistrationEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:03,9287083","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\RegisterAdapterName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:03,9288697","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9290306","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpDomain","SUCCESS","Type: REG_SZ, Length: 26, Data: speedport.ip"
"12:27:03,9292326","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:03,9294687","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9296716","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:03,9299371","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,9299487","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:03,9301876","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9303163","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:03,9305113","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:03,9306989","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 356.946, Length: 16.200"
"12:27:03,9311439","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 356.352, Length: 12.288, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,9325756","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9328933","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:03,9331764","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:03,9334577","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9338687","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9342107","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,9342727","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9345535","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:03,9346935","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\fwpkclnt.sys","NO SUCH FILE","Filter: fwpkclnt.sys"
"12:27:03,9348288","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:03,9350121","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:03,9350718","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:03,9353494","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9355957","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:03,9358737","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:03,9361158","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9362782","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9364396","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9365772","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,9366383","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:03,9368333","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:03,9369770","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\fwpkclnt.sys","SUCCESS","Filter: fwpkclnt.sys, 1: FWPKCLNT.SYS"
"12:27:03,9370363","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:03,9373759","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:03,9386853","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9390109","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:03,9393263","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:03,9396085","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9400293","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,9402136","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:03,9402546","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.323.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9404884","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS","Desired Access: Query Value"
"12:27:03,9405383","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.323.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9407533","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:03,9409926","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:03,9410929","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:03,9414130","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:03,9416709","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,9417353","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:03,9417717","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.323.699, Length: 2.920"
"12:27:03,9420357","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:03,9420922","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9422177","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.326.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9423996","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:03,9426329","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:03,9429608","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:03,9432771","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9434772","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\RegistrationEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:03,9436755","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\RegisterAdapterName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:03,9438374","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9439978","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\DhcpDomain","NAME NOT FOUND","Length: 144"
"12:27:03,9441835","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.326.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9442017","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:03,9444419","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9445003","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.326.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9446813","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:03,9447428","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.326.619, Length: 1.460"
"12:27:03,9450862","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,9451058","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.328.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9452653","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:03,9454421","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:03,9455475","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9456054","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:03,9457444","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}\Dhcpv6Domain","NAME NOT FOUND","Length: 144"
"12:27:03,9459119","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS",""
"12:27:03,9461484","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9462086","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,9465678","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:03,9467460","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:03,9468915","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:03,9471127","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:03,9473958","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9476351","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:03,9478749","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS",""
"12:27:03,9480666","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.328.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9482164","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:03,9484786","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.328.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9486106","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:03,9487958","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.328.079, Length: 5.840"
"12:27:03,9489315","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:03,9491984","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.333.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9496985","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9500166","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:03,9502988","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:03,9505787","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9507765","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9509440","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9511371","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:03,9513401","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:03,9515985","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.333.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9516620","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 268.900, Length: 4.096"
"12:27:03,9517763","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9519171","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.333.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9521163","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.333.919, Length: 4.380"
"12:27:03,9521467","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 266.240, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,9524788","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.338.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9526234","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:03,9529626","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:03,9533222","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9535098","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 248, Length: 4.096"
"12:27:03,9535252","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9537239","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9539175","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:03,9541218","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:03,9557611","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9560424","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9562435","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976137, endtime: 976137, seqnum: 0, connid: 0"
"12:27:03,9567804","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9568760","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,9572250","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:03,9576224","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:03,9579956","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9580861","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9582494","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9583674","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9584523","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9585690","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9586935","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976137, endtime: 976137, seqnum: 0, connid: 0"
"12:27:03,9587229","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:03,9589711","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{689b7388-ef49-4783-8a7d-cfdfcd8bba3f}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:03,9592883","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:03,9598551","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9600156","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9601322","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9601677","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9602582","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976137, endtime: 976137, seqnum: 0, connid: 0"
"12:27:03,9604531","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:03,9607741","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:03,9610545","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9611706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 281.088, Length: 7.000"
"12:27:03,9614934","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 278.528, Length: 9.560, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,9616175","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:03,9618592","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{bf153787-fe96-4539-9665-46c29577296d}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:03,9621745","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:03,9630175","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9630875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 261.120, Length: 4.096"
"12:27:03,9633263","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.338.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9633427","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:03,9634532","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 258.048, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,9636603","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:03,9638115","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.338.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9639430","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9641800","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.338.299, Length: 2.920"
"12:27:03,9645411","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:03,9647403","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.341.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9647869","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b22f8e64-9830-440f-ad79-ff19ed43e1cf}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:03,9650272","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:03,9653299","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 265.216, Length: 4.096"
"12:27:03,9658669","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9660726","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:03,9663073","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:03,9665088","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9669482","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:03,9671484","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{79532670-d7de-46bb-bd5b-954c8222db41}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:03,9674283","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:03,9676979","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.341.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9679787","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.341.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9681434","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.341.219, Length: 4.380"
"12:27:03,9684881","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 269.312, Length: 4.096"
"12:27:03,9685856","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.345.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9703360","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 55.296, Length: 4.096"
"12:27:03,9714187","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 272.896, Length: 4.096"
"12:27:03,9715423","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.345.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9718218","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.345.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9719850","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.345.599, Length: 2.920"
"12:27:03,9724263","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.348.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9745909","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 281.088, Length: 4.096"
"12:27:03,9749394","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9751558","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.348.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9752916","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:03,9753588","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.348.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9755197","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.348.519, Length: 4.380"
"12:27:03,9755813","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:03,9756354","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,9759414","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9760697","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.352.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:03,9762152","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}\SearchList","NAME NOT FOUND","Length: 144"
"12:27:03,9764970","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS",""
"12:27:03,9775980","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 281.088, Length: 4.096"
"12:27:03,9785762","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9788958","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:03,9791785","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:03,9794579","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9800182","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:03,9802164","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS","Desired Access: Query Value"
"12:27:03,9803079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:03,9804543","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:03,9806624","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:03,9810347","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:03,9813981","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9816775","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:03,9820330","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:03,9821906","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:03,9822746","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 281.088, Length: 4.096"
"12:27:03,9825736","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:03,9828988","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9830411","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 285.184, Length: 2.904"
"12:27:03,9831362","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:03,9833807","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:03,9836611","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:03,9837208","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 248, Length: 4.096"
"12:27:03,9838565","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9840212","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:03,9842045","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9842204","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:03,9845651","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:03,9850466","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:03,9854450","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9856908","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\RegistrationEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:03,9859324","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\RegisterAdapterName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:03,9861690","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9865352","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpDomain","SUCCESS","Type: REG_SZ, Length: 38, Data: wohnheim.uni-kl.de"
"12:27:03,9869723","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:03,9872573","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9875381","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:03,9879025","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:03,9882230","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9884623","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:03,9887053","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS",""
"12:27:03,9898380","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 0, Length: 4.096"
"12:27:03,9905158","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 4.096, Length: 57.768"
"12:27:03,9909151","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 61.864, Length: 61.440"
"12:27:03,9910024","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9913103","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9913256","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:03,9913625","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 123.304, Length: 61.440"
"12:27:03,9916261","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9916438","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:03,9918281","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976138, endtime: 976138, seqnum: 0, connid: 0"
"12:27:03,9919260","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9919564","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 131.072, Length: 57.344, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,9921262","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9923669","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9925320","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:03,9927279","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:03,9930755","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9933153","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:03,9935075","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:03,9935495","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976138, endtime: 976138, seqnum: 0, connid: 0"
"12:27:03,9935714","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 184.744, Length: 61.440"
"12:27:03,9940551","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 188.416, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:03,9942408","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9945949","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:03,9948785","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:03,9952368","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:03,9955577","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9956002","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 246.184, Length: 34.904"
"12:27:03,9959575","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:03,9961954","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:03,9963937","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:03,9967720","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:03,9989441","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:03,9992188","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:03,9994978","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","NAME NOT FOUND","Desired Access: Read"
"12:27:04,0003459","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.352.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:04,0006766","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.352.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:04,0009747","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.352.899, Length: 2.920"
"12:27:04,0015756","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.355.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:04,0016162","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0021554","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,0026173","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,0029835","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0035848","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,0037775","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.355.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:04,0038689","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","Desired Access: Query Value"
"12:27:04,0040247","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.355.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:04,0041889","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableDhcp","NAME NOT FOUND","Length: 144"
"12:27:04,0042575","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.355.819, Length: 2.920"
"12:27:04,0045435","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.358.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:04,0046036","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,0049698","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:04,0052843","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0055310","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,0058128","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","SUCCESS","Desired Access: Read"
"12:27:04,0060927","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0062896","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled","NAME NOT FOUND","Length: 144"
"12:27:04,0064500","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName","NAME NOT FOUND","Length: 144"
"12:27:04,0065760","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain","NAME NOT FOUND","Length: 144"
"12:27:04,0067332","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain","NAME NOT FOUND","Length: 144"
"12:27:04,0068960","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:04,0070952","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0072944","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,0074973","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","NAME NOT FOUND","Desired Access: Read"
"12:27:04,0077390","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0079349","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,0081001","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","NAME NOT FOUND","Desired Access: Read"
"12:27:04,0100132","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0103323","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,0106159","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","SUCCESS","Desired Access: Read"
"12:27:04,0108963","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0111757","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:04,0113390","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:04,0115372","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:04,0118176","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0120173","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,0127025","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","SUCCESS","Desired Access: Read"
"12:27:04,0130249","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0133454","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:04,0135819","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:04,0137470","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:04,0145480","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0148284","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,0150682","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,0152702","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0158659","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,0160352","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475fac-f615-4e2a-8127-ed2d902b06d8}","SUCCESS","Desired Access: Query Value"
"12:27:04,0162699","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,0164719","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,0166305","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:04,0168287","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0173923","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:04,0175989","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:04,0178000","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0179609","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\RegistrationEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,0181541","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\RegisterAdapterName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:04,0182819","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0184410","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpDomain","SUCCESS","Type: REG_SZ, Length: 26, Data: speedport.ip"
"12:27:04,0186411","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:04,0188412","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0190390","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:04,0192382","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:04,0194379","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0195648","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:04,0197598","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:04,0216589","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0219439","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:04,0222261","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:04,0237269","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 282.431, Length: 4.096"
"12:27:04,0243119","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0245143","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0247140","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0248773","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:04,0250732","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:04,0253531","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:04,0255905","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0257939","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:04,0259983","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:04,0262334","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0263612","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0265207","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0267563","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:04,0269191","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:04,0271193","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:04,0288481","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0291271","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,0293305","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,0295306","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0303302","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,0305303","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS","Desired Access: Query Value"
"12:27:04,0307346","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,0309352","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,0310943","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:04,0312940","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0314927","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:04,0315575","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 268.900, Length: 4.096"
"12:27:04,0316942","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:04,0318743","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,0318939","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0320525","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\RegistrationEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,0322130","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\RegisterAdapterName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:04,0327429","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0327989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 183.808, Length: 4.096"
"12:27:04,0329836","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\DhcpDomain","NAME NOT FOUND","Length: 144"
"12:27:04,0331586","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 268.900, Length: 4.096"
"12:27:04,0331847","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:04,0334212","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0336223","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:04,0336381","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,0338275","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:04,0340300","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0341979","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:04,0342292","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}\Dhcpv6Domain","NAME NOT FOUND","Length: 144"
"12:27:04,0344662","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS",""
"12:27:04,0346682","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0348030","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:04,0348683","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:04,0350679","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:04,0352340","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0353283","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:04,0353945","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:04,0355876","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS",""
"12:27:04,0358503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:04,0363713","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:04,0368920","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:04,0374144","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:04,0374872","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0378861","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:04,0379369","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:04,0381702","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:04,0384501","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0384585","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:04,0386497","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0388466","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0390122","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:04,0390542","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:04,0392874","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:04,0395370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:04,0395697","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0397707","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:04,0399713","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:04,0400595","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:04,0402186","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0403777","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0405377","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0405820","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:04,0410569","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:04,0411045","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:04,0413009","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:04,0416260","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:04,0421466","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:04,0427111","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:04,0432317","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:04,0437528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:04,0442729","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:04,0447385","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0447954","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:04,0450594","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,0453184","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:04,0453757","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,0456575","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0458394","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:04,0461809","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,0463614","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:04,0463792","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{689b7388-ef49-4783-8a7d-cfdfcd8bba3f}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,0465854","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,0468825","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:04,0471881","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0473891","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,0474796","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:04,0476271","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,0478286","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0480063","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:04,0482666","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,0484294","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{bf153787-fe96-4539-9665-46c29577296d}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,0485269","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:04,0486314","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,0490480","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:04,0491908","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0493904","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,0495700","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:04,0495906","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,0497902","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0500911","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:04,0501923","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,0503542","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b22f8e64-9830-440f-ad79-ff19ed43e1cf}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,0505543","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,0506122","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:04,0511333","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:04,0512807","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0514790","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,0516553","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:04,0516795","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,0518778","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0521773","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:04,0522799","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,0527203","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{79532670-d7de-46bb-bd5b-954c8222db41}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,0527408","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:04,0529624","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,0532628","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:04,0540251","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:04,0547864","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:04,0553453","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:04,0554503","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0556849","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage","REPARSE","Desired Access: Read"
"12:27:04,0558692","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:04,0558897","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage","SUCCESS","Desired Access: Read"
"12:27:04,0561262","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Linkage","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0562890","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Linkage\Bind","BUFFER OVERFLOW","Length: 144"
"12:27:04,0563917","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:04,0564523","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Linkage\Bind","BUFFER OVERFLOW","Length: 144"
"12:27:04,0566095","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 566, Data: \Device\{156551C9-638C-466B-84CE-399520B5E44A}, \Device\{D5D3469D-E627-42DE-9326-C4A53EDCDAFF}, \Device\{FA092F81-10BD-485C-BE36-07049B574F79}, \Device\{A10CC0FC-C219-4458-B30C-636C59AD8476}, \Device\{69475FAC-F615-4E2A-8127-ED2D902B06D8}, \Device\{063868CA-BB64-4872-8149-E3742D680278}"
"12:27:04,0568101","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Linkage\Bind","BUFFER OVERFLOW","Length: 144"
"12:27:04,0569146","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:04,0569356","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Linkage\Bind","BUFFER OVERFLOW","Length: 144"
"12:27:04,0570900","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 566, Data: \Device\{156551C9-638C-466B-84CE-399520B5E44A}, \Device\{D5D3469D-E627-42DE-9326-C4A53EDCDAFF}, \Device\{FA092F81-10BD-485C-BE36-07049B574F79}, \Device\{A10CC0FC-C219-4458-B30C-636C59AD8476}, \Device\{69475FAC-F615-4E2A-8127-ED2D902B06D8}, \Device\{063868CA-BB64-4872-8149-E3742D680278}"
"12:27:04,0572570","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Linkage","SUCCESS",""
"12:27:04,0574371","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:04,0577342","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0579344","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:04,0579596","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:04,0581359","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:04,0583365","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0584811","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:04,0584984","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\QueryAdapterName","NAME NOT FOUND","Length: 144"
"12:27:04,0586948","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DisableAdapterDomainName","NAME NOT FOUND","Length: 144"
"12:27:04,0588557","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\RegistrationEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,0590027","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:04,0590162","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\RegisterAdapterName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:04,0591762","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\RegistrationMaxAddressCount","NAME NOT FOUND","Length: 144"
"12:27:04,0593357","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\MaxNumberOfAddressesToRegister","NAME NOT FOUND","Length: 144"
"12:27:04,0594650","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\EnableMulticast","NAME NOT FOUND","Length: 144"
"12:27:04,0596096","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:04,0596604","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0598204","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0599823","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpDomain","SUCCESS","Type: REG_SZ, Length: 38, Data: wohnheim.uni-kl.de"
"12:27:04,0601461","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpDomain","SUCCESS","Type: REG_SZ, Length: 38, Data: wohnheim.uni-kl.de"
"12:27:04,0603457","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:04,0604493","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:04,0610123","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:04,0611486","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0613501","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,0615693","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:04,0615852","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","SUCCESS","Desired Access: Read"
"12:27:04,0617853","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0619118","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName","NAME NOT FOUND","Length: 144"
"12:27:04,0620708","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName","NAME NOT FOUND","Length: 144"
"12:27:04,0620928","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:04,0622290","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled","NAME NOT FOUND","Length: 144"
"12:27:04,0626530","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:04,0627636","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate","NAME NOT FOUND","Length: 144"
"12:27:04,0630785","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName","NAME NOT FOUND","Length: 144"
"12:27:04,0631760","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:04,0632828","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration","NAME NOT FOUND","Length: 144"
"12:27:04,0634437","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount","NAME NOT FOUND","Length: 144"
"12:27:04,0636000","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister","NAME NOT FOUND","Length: 144"
"12:27:04,0636998","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:04,0637278","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableMulticast","NAME NOT FOUND","Length: 144"
"12:27:04,0639266","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain","NAME NOT FOUND","Length: 144"
"12:27:04,0640828","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain","NAME NOT FOUND","Length: 144"
"12:27:04,0642480","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:04,0643781","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:04,0647271","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\SearchList","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0649286","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\SearchList","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0649781","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:04,0651689","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS",""
"12:27:04,0653279","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Dnscache\Parameters","SUCCESS",""
"12:27:04,0655033","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:04,0658150","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0660263","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:04,0660879","swi_service.exe","2116","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read"
"12:27:04,0665301","swi_service.exe","2116","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read"
"12:27:04,0665478","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:04,0668137","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0670134","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0670684","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:04,0672145","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DnsCache\Parameters","REPARSE","Desired Access: Read"
"12:27:04,0674141","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DnsCache\Parameters","SUCCESS","Desired Access: Read"
"12:27:04,0675905","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:04,0676175","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Dnscache\Parameters","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0677803","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0679795","swi_service.exe","2116","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\Windows NT\DnsClient","REPARSE","Desired Access: Read"
"12:27:04,0681115","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:04,0682142","swi_service.exe","2116","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
"12:27:04,0684190","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 20, Data: Error3725"
"12:27:04,0686172","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 20, Data: Error3725"
"12:27:04,0686769","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:04,0688150","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS",""
"12:27:04,0689433","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Dnscache\Parameters","SUCCESS",""
"12:27:04,0691808","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0692325","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:04,0693842","swi_service.exe","2116","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read"
"12:27:04,0697406","swi_service.exe","2116","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read"
"12:27:04,0697541","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:04,0700209","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0702225","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0702752","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:04,0704688","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DnsCache\Parameters","REPARSE","Desired Access: Read"
"12:27:04,0707487","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DnsCache\Parameters","SUCCESS","Desired Access: Read"
"12:27:04,0707967","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:04,0709842","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Dnscache\Parameters","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0711895","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0713173","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:04,0714694","swi_service.exe","2116","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\Windows NT\DnsClient","REPARSE","Desired Access: Read"
"12:27:04,0717465","swi_service.exe","2116","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
"12:27:04,0718384","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 286.720, Length: 1.368"
"12:27:04,0720311","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0722326","swi_service.exe","2116","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\System\DNSClient","REPARSE","Desired Access: Query Value"
"12:27:04,0725951","swi_service.exe","2116","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,0728708","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0730751","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0733102","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS",""
"12:27:04,0735099","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Dnscache\Parameters","SUCCESS",""
"12:27:04,0735626","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 268.900, Length: 4.096"
"12:27:04,0737548","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0739964","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters","REPARSE","Desired Access: Read"
"12:27:04,0740086","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,0742759","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\NetBT\Parameters","SUCCESS","Desired Access: Read"
"12:27:04,0744541","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:04,0745604","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\NetBT\Parameters","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0747615","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\NetBT\Parameters\NodeType","NAME NOT FOUND","Length: 144"
"12:27:04,0749294","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:04,0749593","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\NetBT\Parameters\DhcpNodeType","NAME NOT FOUND","Length: 144"
"12:27:04,0751198","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\NetBT\Parameters\ScopeId","NAME NOT FOUND","Length: 144"
"12:27:04,0752802","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\NetBT\Parameters\DhcpScopeId","NAME NOT FOUND","Length: 144"
"12:27:04,0753731","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:04,0754435","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\NetBT\Parameters\EnableProxy","NAME NOT FOUND","Length: 144"
"12:27:04,0756012","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\NetBT\Parameters\EnableDns","NAME NOT FOUND","Length: 144"
"12:27:04,0757640","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\NetBT\Parameters","SUCCESS",""
"12:27:04,0758167","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:04,0762580","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:04,0766989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:04,0769256","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0771416","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:04,0771626","swi_service.exe","2116","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read"
"12:27:04,0775264","swi_service.exe","2116","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read"
"12:27:04,0776160","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:04,0778077","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0780046","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0780587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:04,0781707","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DnsCache\Parameters","REPARSE","Desired Access: Read"
"12:27:04,0783671","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DnsCache\Parameters","SUCCESS","Desired Access: Read"
"12:27:04,0785014","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:04,0785672","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Dnscache\Parameters","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0787281","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0789250","swi_service.exe","2116","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\Windows NT\DnsClient","REPARSE","Desired Access: Read"
"12:27:04,0789446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:04,0791713","swi_service.exe","2116","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
"12:27:04,0793878","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:04,0794871","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0798296","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:04,0798529","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DNS","REPARSE","Desired Access: Query Value"
"12:27:04,0801300","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DNS","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,0803772","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\QueryAdapterName","NAME NOT FOUND","Length: 144"
"12:27:04,0805676","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:04,0807117","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DisableAdapterDomainName","NAME NOT FOUND","Length: 144"
"12:27:04,0811651","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\UseDomainNameDevolution","NAME NOT FOUND","Length: 144"
"12:27:04,0812081","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:04,0814460","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\UseDomainNameDevolution","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,0816480","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DomainNameDevolutionLevel","NAME NOT FOUND","Length: 144"
"12:27:04,0817655","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:04,0818089","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\PrioritizeRecordData","NAME NOT FOUND","Length: 144"
"12:27:04,0819652","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\PrioritizeRecordData","NAME NOT FOUND","Length: 144"
"12:27:04,0821252","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\AllowUnqualifiedQuery","NAME NOT FOUND","Length: 144"
"12:27:04,0822908","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\AllowUnqualifiedQuery","NAME NOT FOUND","Length: 144"
"12:27:04,0824121","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:04,0827298","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\AppendToMultiLabelName","NAME NOT FOUND","Length: 144"
"12:27:04,0829752","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:04,0830092","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\ScreenBadTlds","NAME NOT FOUND","Length: 144"
"12:27:04,0831706","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\ScreenUnreachableServers","NAME NOT FOUND","Length: 144"
"12:27:04,0834650","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\ScreenDefaultServers","NAME NOT FOUND","Length: 144"
"12:27:04,0835284","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:04,0838727","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DynamicServerQueryOrder","NAME NOT FOUND","Length: 144"
"12:27:04,0840500","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:04,0841130","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\FilterClusterIp","NAME NOT FOUND","Length: 144"
"12:27:04,0842734","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\WaitForNameErrorOnAll","NAME NOT FOUND","Length: 144"
"12:27:04,0844302","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\UseEdns","NAME NOT FOUND","Length: 144"
"12:27:04,0845743","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:04,0846751","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DnsSecureNameQueryFallback","NAME NOT FOUND","Length: 144"
"12:27:04,0850432","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\EnableDAForAllNetworks","NAME NOT FOUND","Length: 144"
"12:27:04,0850968","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:04,0852414","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DirectAccessQueryOrder","NAME NOT FOUND","Length: 144"
"12:27:04,0854010","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\QueryIpMatching","NAME NOT FOUND","Length: 144"
"12:27:04,0855586","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\UseHostsFile","NAME NOT FOUND","Length: 144"
"12:27:04,0856188","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:04,0856851","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\AddrConfigControl","NAME NOT FOUND","Length: 144"
"12:27:04,0858418","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegistrationEnabled","NAME NOT FOUND","Length: 144"
"12:27:04,0859990","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DisableDynamicUpdate","NAME NOT FOUND","Length: 144"
"12:27:04,0861399","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:04,0861600","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegisterPrimaryName","NAME NOT FOUND","Length: 144"
"12:27:04,0866656","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:04,0867058","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegisterAdapterName","NAME NOT FOUND","Length: 144"
"12:27:04,0869843","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration","NAME NOT FOUND","Length: 144"
"12:27:04,0871835","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegisterReverseLookup","NAME NOT FOUND","Length: 144"
"12:27:04,0872996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:04,0873439","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DisableReverseAddressRegistrations","NAME NOT FOUND","Length: 144"
"12:27:04,0876224","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegisterWanAdapters","NAME NOT FOUND","Length: 144"
"12:27:04,0877871","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DisableWanDynamicUpdate","NAME NOT FOUND","Length: 144"
"12:27:04,0878263","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:04,0879485","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegistrationTtl","NAME NOT FOUND","Length: 144"
"12:27:04,0881043","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DefaultRegistrationTTL","NAME NOT FOUND","Length: 144"
"12:27:04,0882317","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegistrationRefreshInterval","NAME NOT FOUND","Length: 144"
"12:27:04,0883492","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:04,0883908","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval","NAME NOT FOUND","Length: 144"
"12:27:04,0885512","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegistrationMaxAddressCount","NAME NOT FOUND","Length: 144"
"12:27:04,0887514","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister","NAME NOT FOUND","Length: 144"
"12:27:04,0889114","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\UpdateSecurityLevel","NAME NOT FOUND","Length: 144"
"12:27:04,0890686","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\UpdateSecurityLevel","NAME NOT FOUND","Length: 144"
"12:27:04,0891721","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:04,0892272","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\UpdateTopLevelDomainZones","NAME NOT FOUND","Length: 144"
"12:27:04,0893527","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy","NAME NOT FOUND","Length: 144"
"12:27:04,0895094","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\RegistrationOverwrite","NAME NOT FOUND","Length: 144"
"12:27:04,0896340","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\MaxCacheSize","NAME NOT FOUND","Length: 144"
"12:27:04,0897329","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:04,0898346","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\MaxCacheTtl","NAME NOT FOUND","Length: 144"
"12:27:04,0899918","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\MaxNegativeCacheTtl","NAME NOT FOUND","Length: 144"
"12:27:04,0901163","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\AdapterTimeoutLimit","NAME NOT FOUND","Length: 144"
"12:27:04,0902124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:04,0902745","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\ServerPriorityTimeLimit","NAME NOT FOUND","Length: 144"
"12:27:04,0904308","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\MaxCachedSockets","NAME NOT FOUND","Length: 144"
"12:27:04,0905553","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\EnableMulticast","NAME NOT FOUND","Length: 144"
"12:27:04,0909812","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:04,0910717","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\MulticastResponderFlags","NAME NOT FOUND","Length: 144"
"12:27:04,0914785","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\MulticastSenderFlags","NAME NOT FOUND","Length: 144"
"12:27:04,0916768","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\MulticastSenderMaxTimeout","NAME NOT FOUND","Length: 144"
"12:27:04,0917771","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:04,0918415","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DnsTest","NAME NOT FOUND","Length: 144"
"12:27:04,0920411","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\UseCompartments","NAME NOT FOUND","Length: 144"
"12:27:04,0922417","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\CacheAllCompartments","NAME NOT FOUND","Length: 144"
"12:27:04,0922632","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:04,0927987","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\UseNewRegistration","NAME NOT FOUND","Length: 144"
"12:27:04,0928197","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:04,0931178","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\ResolverRegistration","NAME NOT FOUND","Length: 144"
"12:27:04,0932638","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:04,0933226","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\ResolverRegistrationOnly","NAME NOT FOUND","Length: 144"
"12:27:04,0936058","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0937075","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:04,0939258","swi_service.exe","2116","RegOpenKey","HKLM\System\Setup","SUCCESS","Desired Access: Query Value"
"12:27:04,0941497","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:04,0942435","swi_service.exe","2116","RegSetInfoKey","HKLM\SYSTEM\Setup","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,0944497","swi_service.exe","2116","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:04,0946274","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:04,0947631","swi_service.exe","2116","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"12:27:04,0949665","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DnsQueryTimeouts","NAME NOT FOUND","Length: 144"
"12:27:04,0950715","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:04,0951699","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DnsQueryTimeouts","NAME NOT FOUND","Length: 144"
"12:27:04,0954083","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Dnscache\Parameters\DnsQuickQueryTimeouts","NAME NOT FOUND","Length: 144"
"12:27:04,0955142","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:04,0956098","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\DnsQuickQueryTimeouts","NAME NOT FOUND","Length: 144"
"12:27:04,0958860","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,0959555","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:04,0961734","swi_service.exe","2116","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\System\DNSClient","REPARSE","Desired Access: Query Value"
"12:27:04,0963973","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:04,0964925","swi_service.exe","2116","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,0967686","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0968713","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:04,0970098","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,0972179","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 20, Data: Error3725"
"12:27:04,0973135","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:04,0974572","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 20, Data: Error3725"
"12:27:04,0977553","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:04,0981971","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:04,0986379","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:04,0990787","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:04,0995191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:04,0999282","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:04,1003691","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:04,1008095","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:04,1012503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:04,1016916","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:04,1021324","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:04,1026489","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:04,1028299","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1030916","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:04,1031517","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:04,1034746","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:04,1035347","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:04,1037923","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1039775","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:04,1040302","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}\SearchList","NAME NOT FOUND","Length: 144"
"12:27:04,1042783","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS",""
"12:27:04,1043786","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:04,1044202","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:04,1048190","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1048983","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:04,1050611","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,1053401","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:04,1053774","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:04,1055416","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:04,1058215","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1059008","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:04,1060986","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:04,1064238","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:04,1064984","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1066575","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:04,1067835","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:04,1068194","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,1070209","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1071077","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,1071795","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:04,1072630","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:04,1075452","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:04,1076255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:04,1077421","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1080701","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:04,1083056","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,1084703","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS","Desired Access: Query Value"
"12:27:04,1085450","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:04,1087078","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,1089098","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,1089900","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 286.720, Length: 1.368"
"12:27:04,1090698","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:04,1108621","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1111149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 268.900, Length: 4.096"
"12:27:04,1111508","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:04,1115068","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:04,1117871","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1119532","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\RegistrationEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,1121533","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\RegisterAdapterName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:04,1124276","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1126338","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpDomain","SUCCESS","Type: REG_SZ, Length: 38, Data: wohnheim.uni-kl.de"
"12:27:04,1129510","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:04,1132319","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1135127","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:04,1138304","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:04,1138449","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 281.088, Length: 4.096"
"12:27:04,1141985","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1144396","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:04,1146813","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS",""
"12:27:04,1168029","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1171211","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:04,1174029","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:04,1176828","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1178806","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1180476","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1182099","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:04,1184049","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:04,1186092","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:04,1188453","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1190449","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:04,1192460","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:04,1194475","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1196066","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1197349","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1198636","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:04,1199276","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:04,1200885","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:04,1202555","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:04,1203782","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:04,1232243","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1235434","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,1237822","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","NAME NOT FOUND","Desired Access: Read"
"12:27:04,1259085","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1261926","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,1265089","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,1267147","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1274359","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,1276323","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","Desired Access: Query Value"
"12:27:04,1279131","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableDhcp","NAME NOT FOUND","Length: 144"
"12:27:04,1281128","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,1282728","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:04,1284402","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1286385","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,1288400","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","SUCCESS","Desired Access: Read"
"12:27:04,1293229","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1295165","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled","NAME NOT FOUND","Length: 144"
"12:27:04,1296802","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName","NAME NOT FOUND","Length: 144"
"12:27:04,1298813","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain","NAME NOT FOUND","Length: 144"
"12:27:04,1300805","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain","NAME NOT FOUND","Length: 144"
"12:27:04,1303184","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:04,1305255","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1307261","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,1309645","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","NAME NOT FOUND","Desired Access: Read"
"12:27:04,1312061","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1314016","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,1315663","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","NAME NOT FOUND","Desired Access: Read"
"12:27:04,1342351","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1345533","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,1348364","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","SUCCESS","Desired Access: Read"
"12:27:04,1351140","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1352801","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:04,1354741","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:04,1356421","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:04,1359243","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1361244","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,1363567","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","SUCCESS","Desired Access: Read"
"12:27:04,1365583","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1367271","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\FWPKCLNT.SYS","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,1367962","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:04,1374176","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:04,1378551","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:04,1388185","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1390652","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,1393442","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,1395859","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1401848","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,1403500","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475fac-f615-4e2a-8127-ed2d902b06d8}","SUCCESS","Desired Access: Query Value"
"12:27:04,1409084","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,1411911","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,1413516","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:04,1415536","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1417532","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:04,1419897","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:04,1432302","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1435922","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\RegistrationEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,1438380","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\RegisterAdapterName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:04,1440764","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1442807","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpDomain","SUCCESS","Type: REG_SZ, Length: 26, Data: speedport.ip"
"12:27:04,1445942","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:04,1448778","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1450826","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:04,1453229","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:04,1455599","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1457203","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:04,1458850","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:04,1479754","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1482600","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:04,1486556","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:04,1489350","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1491006","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1492998","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1494631","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:04,1497028","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:04,1499394","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:04,1501418","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1503424","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:04,1505430","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:04,1508206","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1509479","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1511075","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1512680","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:04,1514294","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:04,1516300","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:04,1537507","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1539536","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,1541570","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,1547522","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1552761","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,1554417","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS","Desired Access: Query Value"
"12:27:04,1556764","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,1558770","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,1560813","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:04,1563178","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1565189","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:04,1567241","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:04,1569257","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1571197","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\RegistrationEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,1576054","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\RegisterAdapterName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:04,1577691","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1579286","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\DhcpDomain","NAME NOT FOUND","Length: 144"
"12:27:04,1581250","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:04,1583238","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1584894","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:04,1586909","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:04,1588901","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1590482","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}\Dhcpv6Domain","NAME NOT FOUND","Length: 144"
"12:27:04,1592106","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS",""
"12:27:04,1594084","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1595721","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:04,1597699","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:04,1599355","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1600951","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:04,1602565","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS",""
"12:27:04,1625545","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1629570","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:04,1632421","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:04,1635612","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1637594","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1639577","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1641219","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:04,1644806","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:04,1647629","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1649649","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:04,1651687","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:04,1654486","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1656441","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1658050","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1659646","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:04,1661642","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:04,1688956","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1691004","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,1693350","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,1695356","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1700166","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,1701789","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{689b7388-ef49-4783-8a7d-cfdfcd8bba3f}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,1703819","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,1710256","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1712258","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,1714268","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,1716265","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1720659","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,1722297","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{bf153787-fe96-4539-9665-46c29577296d}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,1730540","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,1739357","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1741834","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,1744586","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,1746988","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1751854","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,1753823","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b22f8e64-9830-440f-ad79-ff19ed43e1cf}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,1755875","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,1763852","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1766656","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,1768699","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,1771041","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1775445","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,1777064","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{79532670-d7de-46bb-bd5b-954c8222db41}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,1779056","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,1840125","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1842490","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:04,1844869","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:04,1846913","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1848881","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}\SearchList","NAME NOT FOUND","Length: 144"
"12:27:04,1850878","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS",""
"12:27:04,1872636","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1875817","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,1878639","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,1881434","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1886715","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,1888702","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:04,1889108","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS","Desired Access: Query Value"
"12:27:04,1891860","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,1893087","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1894248","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,1895886","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:04,1895909","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:04,1898288","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1899926","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:04,1901871","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:04,1903872","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:04,1915791","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1918642","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:04,1921459","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:04,1927808","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1929465","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\RegistrationEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,1932245","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\RegisterAdapterName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:04,1933868","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1935478","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpDomain","SUCCESS","Type: REG_SZ, Length: 38, Data: wohnheim.uni-kl.de"
"12:27:04,1937876","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:04,1939228","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:04,1940250","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1942708","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:04,1944010","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:04,1945088","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:04,1947136","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1951078","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:04,1953499","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{063868ca-bb64-4872-8149-e3742d680278}","SUCCESS",""
"12:27:04,1960991","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:04,1973241","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1976096","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:04,1978918","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:04,1981717","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,1983700","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1985682","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,1987301","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:04,1988673","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,1988957","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:04,1991313","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:04,1993342","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,1994709","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.436.864, Length: 16.200"
"12:27:04,1995353","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:04,1997746","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:04,1999752","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2001352","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2002966","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2004576","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:04,2006190","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 56, Data: 131.246.9.116 131.246.1.116"
"12:27:04,2008191","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:04,2015170","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,2019933","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\vmstorfl.sys","NO SUCH FILE","Filter: vmstorfl.sys"
"12:27:04,2022783","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:04,2036531","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2040576","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,2043799","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","NAME NOT FOUND","Desired Access: Read"
"12:27:04,2047293","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,2052886","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Filter: vmstorfl.sys, 1: vmstorfl.sys"
"12:27:04,2058088","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:04,2063695","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2067334","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,2070931","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,2077728","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2083773","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,2086600","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","Desired Access: Query Value"
"12:27:04,2090178","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableDhcp","NAME NOT FOUND","Length: 144"
"12:27:04,2093005","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,2093043","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,2095413","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:04,2097843","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2100208","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,2102611","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","SUCCESS","Desired Access: Read"
"12:27:04,2103268","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:04,2105447","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2106049","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:04,2107411","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled","NAME NOT FOUND","Length: 144"
"12:27:04,2108689","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName","NAME NOT FOUND","Length: 144"
"12:27:04,2110294","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain","NAME NOT FOUND","Length: 144"
"12:27:04,2111885","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain","NAME NOT FOUND","Length: 144"
"12:27:04,2113485","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:04,2116079","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,2116237","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2117907","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,2120268","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","NAME NOT FOUND","Desired Access: Read"
"12:27:04,2121695","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:04,2123454","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2129141","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:04,2130223","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,2134169","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","NAME NOT FOUND","Desired Access: Read"
"12:27:04,2154723","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2157905","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,2159598","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,2160751","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","SUCCESS","Desired Access: Read"
"12:27:04,2163573","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2163596","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:04,2165584","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:04,2166003","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:04,2167547","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:04,2169544","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:04,2172352","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2173257","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,2174363","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,2176374","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","SUCCESS","Desired Access: Read"
"12:27:04,2178445","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:04,2178823","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2180773","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:04,2182378","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:04,2182494","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:04,2184010","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:04,2191260","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2193280","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,2195626","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,2196937","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,2197637","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2200935","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:04,2202479","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,2204522","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:04,2204895","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475fac-f615-4e2a-8127-ed2d902b06d8}","SUCCESS","Desired Access: Query Value"
"12:27:04,2207321","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,2209668","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,2210937","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:04,2212929","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2214907","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:04,2216926","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:04,2218904","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2220481","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\RegistrationEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,2222086","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\RegisterAdapterName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:04,2224936","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2226560","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpDomain","SUCCESS","Type: REG_SZ, Length: 26, Data: speedport.ip"
"12:27:04,2228570","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:04,2230567","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2232979","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:04,2233417","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 5.284, Length: 4.096"
"12:27:04,2235339","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:04,2237341","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2238614","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:04,2239878","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:04,2240573","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:04,2261939","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2265494","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:04,2269501","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:04,2272729","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2275169","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2275533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,2277917","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2281812","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:04,2287391","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:04,2290265","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:04,2293418","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2296227","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","REPARSE","Desired Access: Read"
"12:27:04,2299413","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","Desired Access: Read"
"12:27:04,2302240","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2304288","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2306667","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2309074","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:04,2311491","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}\DhcpNameServer","SUCCESS","Type: REG_SZ, Length: 48, Data: 192.168.1.1 192.168.1.1"
"12:27:04,2314304","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69475FAC-F615-4E2A-8127-ED2D902B06D8}","SUCCESS",""
"12:27:04,2328210","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 39.424, Length: 7.040"
"12:27:04,2341165","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 34.304, Length: 4.096"
"12:27:04,2346735","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 18.944, Length: 4.096"
"12:27:04,2360044","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2363300","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,2366463","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,2367219","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 39.424, Length: 4.096"
"12:27:04,2368926","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2371576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 37.376, Length: 4.096"
"12:27:04,2374501","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,2376166","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS","Desired Access: Query Value"
"12:27:04,2378559","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\EnableDhcp","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,2380052","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,2380971","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,2382585","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:04,2384876","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 5.120, Length: 4.096"
"12:27:04,2384927","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2387731","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:04,2389788","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:04,2392135","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2393767","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\RegistrationEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,2394896","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 39.424, Length: 4.096"
"12:27:04,2395423","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\RegisterAdapterName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:04,2396095","firefox.exe","6744","LockFile","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Exclusive: True, Offset: 124, Length: 1, Fail Immediately: True"
"12:27:04,2397798","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2399305","firefox.exe","6744","UnlockFileSingle","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Offset: 124, Length: 1"
"12:27:04,2399748","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\DhcpDomain","NAME NOT FOUND","Length: 144"
"12:27:04,2402174","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:04,2402519","firefox.exe","6744","LockFile","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Exclusive: False, Offset: 124, Length: 1, Fail Immediately: True"
"12:27:04,2404175","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2405322","firefox.exe","6744","LockFile","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Exclusive: True, Offset: 120, Length: 1, Fail Immediately: True"
"12:27:04,2405854","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:04,2408201","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:04,2410608","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2412647","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}\Dhcpv6Domain","NAME NOT FOUND","Length: 144"
"12:27:04,2415040","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS",""
"12:27:04,2417074","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2419070","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:04,2421081","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:04,2423614","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 43.520, Length: 2.944"
"12:27:04,2424715","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2427435","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}\NameServer","NAME NOT FOUND","Length: 144"
"12:27:04,2429851","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{a10cc0fc-c219-4458-b30c-636c59ad8476}","SUCCESS",""
"12:27:04,2433252","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:04,2449855","firefox.exe","6744","WriteFile","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-wal","SUCCESS","Offset: 262.368, Length: 24"
"12:27:04,2450844","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2454067","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:04,2455877","firefox.exe","6744","WriteFile","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-wal","SUCCESS","Offset: 262.392, Length: 32.768"
"12:27:04,2457235","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:04,2460332","firefox.exe","6744","UnlockFileSingle","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Offset: 120, Length: 1"
"12:27:04,2461247","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2462674","firefox.exe","6744","UnlockFileSingle","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Offset: 124, Length: 1"
"12:27:04,2463266","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2465249","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2466882","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:04,2469648","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:04,2472484","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2474518","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","REPARSE","Desired Access: Read"
"12:27:04,2476865","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","Desired Access: Read"
"12:27:04,2478899","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2479057","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,2481278","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2482878","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\NameServer","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2484483","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}\DhcpNameServer","NAME NOT FOUND","Length: 144"
"12:27:04,2485038","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 4.096, Length: 35.328"
"12:27:04,2486158","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A10CC0FC-C219-4458-B30C-636C59AD8476}","SUCCESS",""
"12:27:04,2509417","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2511759","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,2513788","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,2515794","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2520609","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,2522237","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{689b7388-ef49-4783-8a7d-cfdfcd8bba3f}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,2526678","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,2534268","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2535630","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 40.811, Length: 4.096"
"12:27:04,2537426","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,2540276","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,2543094","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2549102","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,2550110","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:04,2551873","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{bf153787-fe96-4539-9665-46c29577296d}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,2553749","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2554724","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,2556552","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,2559757","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:04,2562538","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:04,2562752","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2565369","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2565952","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,2568150","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:04,2569530","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,2572745","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2573785","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:04,2578184","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:04,2578753","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,2580232","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2581235","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b22f8e64-9830-440f-ad79-ff19ed43e1cf}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,2582634","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:04,2584426","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,2585028","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:04,2594838","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2597693","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","REPARSE","Desired Access: Read"
"12:27:04,2600856","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces","SUCCESS","Desired Access: Read"
"12:27:04,2603692","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2607410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 5.284, Length: 4.096"
"12:27:04,2609640","swi_service.exe","2116","RegQueryKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:04,2610998","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,2612103","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{79532670-d7de-46bb-bd5b-954c8222db41}","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,2614935","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces","SUCCESS",""
"12:27:04,2619049","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 21.504, Length: 4.096"
"12:27:04,2622231","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 5.284, Length: 4.096"
"12:27:04,2627852","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,2633114","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:04,2638335","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:04,2643014","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2643928","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:04,2646176","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage","REPARSE","Desired Access: Read"
"12:27:04,2649003","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage","SUCCESS","Desired Access: Read"
"12:27:04,2649162","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:04,2651844","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Linkage","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2654233","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Linkage\Bind","BUFFER OVERFLOW","Length: 144"
"12:27:04,2654377","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:04,2656649","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Linkage\Bind","BUFFER OVERFLOW","Length: 144"
"12:27:04,2658660","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 566, Data: \Device\{156551C9-638C-466B-84CE-399520B5E44A}, \Device\{D5D3469D-E627-42DE-9326-C4A53EDCDAFF}, \Device\{FA092F81-10BD-485C-BE36-07049B574F79}, \Device\{A10CC0FC-C219-4458-B30C-636C59AD8476}, \Device\{69475FAC-F615-4E2A-8127-ED2D902B06D8}, \Device\{063868CA-BB64-4872-8149-E3742D680278}"
"12:27:04,2661025","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Linkage\Bind","BUFFER OVERFLOW","Length: 144"
"12:27:04,2662611","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Linkage\Bind","BUFFER OVERFLOW","Length: 144"
"12:27:04,2663302","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:04,2663852","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 566, Data: \Device\{156551C9-638C-466B-84CE-399520B5E44A}, \Device\{D5D3469D-E627-42DE-9326-C4A53EDCDAFF}, \Device\{FA092F81-10BD-485C-BE36-07049B574F79}, \Device\{A10CC0FC-C219-4458-B30C-636C59AD8476}, \Device\{69475FAC-F615-4E2A-8127-ED2D902B06D8}, \Device\{063868CA-BB64-4872-8149-E3742D680278}"
"12:27:04,2667813","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Linkage","SUCCESS",""
"12:27:04,2669688","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:04,2674955","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2675300","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:04,2677791","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","REPARSE","Desired Access: Read"
"12:27:04,2680543","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:04,2680618","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","Desired Access: Read"
"12:27:04,2683412","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2685414","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\QueryAdapterName","NAME NOT FOUND","Length: 144"
"12:27:04,2685778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:04,2687462","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DisableAdapterDomainName","NAME NOT FOUND","Length: 144"
"12:27:04,2689402","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\RegistrationEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:04,2691035","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\RegisterAdapterName","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:27:04,2691413","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 45.056, Length: 1.408"
"12:27:04,2692644","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\RegistrationMaxAddressCount","NAME NOT FOUND","Length: 144"
"12:27:04,2694254","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\MaxNumberOfAddressesToRegister","NAME NOT FOUND","Length: 144"
"12:27:04,2695859","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\EnableMulticast","NAME NOT FOUND","Length: 144"
"12:27:04,2697468","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2699078","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2700710","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpDomain","SUCCESS","Type: REG_SZ, Length: 38, Data: wohnheim.uni-kl.de"
"12:27:04,2702656","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}\DhcpDomain","SUCCESS","Type: REG_SZ, Length: 38, Data: wohnheim.uni-kl.de"
"12:27:04,2704689","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{063868CA-BB64-4872-8149-E3742D680278}","SUCCESS",""
"12:27:04,2707395","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 5.284, Length: 4.096"
"12:27:04,2711822","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,2713936","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2716296","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:04,2716319","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","REPARSE","Desired Access: Read"
"12:27:04,2718689","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}","SUCCESS","Desired Access: Read"
"12:27:04,2721026","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:04,2721507","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2723942","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName","NAME NOT FOUND","Length: 144"
"12:27:04,2725547","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName","NAME NOT FOUND","Length: 144"
"12:27:04,2726718","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:04,2727562","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled","NAME NOT FOUND","Length: 144"
"12:27:04,2729153","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate","NAME NOT FOUND","Length: 144"
"12:27:04,2730403","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName","NAME NOT FOUND","Length: 144"
"12:27:04,2731495","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:04,2731984","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration","NAME NOT FOUND","Length: 144"
"12:27:04,2733552","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount","NAME NOT FOUND","Length: 144"
"12:27:04,2734793","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister","NAME NOT FOUND","Length: 144"
"12:27:04,2735926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:04,2736360","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableMulticast","NAME NOT FOUND","Length: 144"
"12:27:04,2737606","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain","NAME NOT FOUND","Length: 144"
"12:27:04,2739164","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain","NAME NOT FOUND","Length: 144"
"12:27:04,2740694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:04,2741566","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}","SUCCESS",""
"12:27:04,2745144","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:04,2745644","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\SearchList","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2747635","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\SearchList","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2749576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:04,2750033","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS",""
"12:27:04,2751633","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Dnscache\Parameters","SUCCESS",""
"12:27:04,2753989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:04,2756457","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2758421","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:04,2758841","swi_service.exe","2116","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read"
"12:27:04,2762881","swi_service.exe","2116","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read"
"12:27:04,2763161","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 45.056, Length: 1.408"
"12:27:04,2765703","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2767672","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2769654","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DnsCache\Parameters","REPARSE","Desired Access: Read"
"12:27:04,2771320","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DnsCache\Parameters","SUCCESS","Desired Access: Read"
"12:27:04,2773330","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Dnscache\Parameters","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2775257","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2776932","swi_service.exe","2116","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\Windows NT\DnsClient","REPARSE","Desired Access: Read"
"12:27:04,2779278","swi_service.exe","2116","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
"12:27:04,2779637","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 5.284, Length: 4.096"
"12:27:04,2781279","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 20, Data: Error3725"
"12:27:04,2782912","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Hostname","SUCCESS","Type: REG_SZ, Length: 20, Data: Error3725"
"12:27:04,2784540","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS",""
"12:27:04,2786117","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Dnscache\Parameters","SUCCESS",""
"12:27:04,2787638","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 39.424, Length: 4.096"
"12:27:04,2788487","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2790157","swi_service.exe","2116","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","REPARSE","Desired Access: Read"
"12:27:04,2793366","swi_service.exe","2116","RegCreateKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters","SUCCESS","Desired Access: Read"
"12:27:04,2796119","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2797756","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2799398","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DnsCache\Parameters","REPARSE","Desired Access: Read"
"12:27:04,2801358","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\DnsCache\Parameters","SUCCESS","Desired Access: Read"
"12:27:04,2803009","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\Dnscache\Parameters","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2804614","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2806582","swi_service.exe","2116","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\Windows NT\DnsClient","REPARSE","Desired Access: Read"
"12:27:04,2808234","swi_service.exe","2116","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient","NAME NOT FOUND","Desired Access: Read"
"12:27:04,2810226","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2812185","swi_service.exe","2116","RegOpenKey","HKLM\Software\Wow6432Node\Policies\Microsoft\System\DNSClient","REPARSE","Desired Access: Query Value"
"12:27:04,2813836","swi_service.exe","2116","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient","NAME NOT FOUND","Desired Access: Query Value"
"12:27:04,2815810","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2817443","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Domain","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"12:27:04,2819416","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Tcpip\Parameters","SUCCESS",""
"12:27:04,2820983","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\Dnscache\Parameters","SUCCESS",""
"12:27:04,2822644","swi_service.exe","2116","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,2828653","swi_service.exe","2116","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters","REPARSE","Desired Access: Read"
"12:27:04,2832716","swi_service.exe","2116","RegOpenKey","HKLM\System\CurrentControlSet\Services\NetBT\Parameters","SUCCESS","Desired Access: Read"
"12:27:04,2836728","swi_service.exe","2116","RegSetInfoKey","HKLM\System\CurrentControlSet\services\NetBT\Parameters","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,2839541","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\NetBT\Parameters\NodeType","NAME NOT FOUND","Length: 144"
"12:27:04,2842316","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\NetBT\Parameters\DhcpNodeType","NAME NOT FOUND","Length: 144"
"12:27:04,2844336","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\NetBT\Parameters\ScopeId","NAME NOT FOUND","Length: 144"
"12:27:04,2845941","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\NetBT\Parameters\DhcpScopeId","NAME NOT FOUND","Length: 144"
"12:27:04,2847527","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\NetBT\Parameters\EnableProxy","NAME NOT FOUND","Length: 144"
"12:27:04,2849118","swi_service.exe","2116","RegQueryValue","HKLM\System\CurrentControlSet\services\NetBT\Parameters\EnableDns","NAME NOT FOUND","Length: 144"
"12:27:04,2851124","swi_service.exe","2116","RegCloseKey","HKLM\System\CurrentControlSet\services\NetBT\Parameters","SUCCESS",""
"12:27:04,2859465","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 7.168, Length: 4.096"
"12:27:04,2863911","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 11.264, Length: 4.096"
"12:27:04,2868277","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 15.360, Length: 4.096"
"12:27:04,3005139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vmstorfl.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,3508809","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:04,3512849","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,3515620","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:04,3518032","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,3520029","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:04,3522011","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:04,3524493","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:04,3559737","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:04,3564202","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:04,3581322","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:04,3599810","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,3605403","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.191.298, Length: 16.200"
"12:27:04,3629442","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,3633897","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\wd.sys","NO SUCH FILE","Filter: wd.sys"
"12:27:04,3637060","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:04,3653117","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,3657096","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\wd.sys","SUCCESS","Filter: wd.sys, 1: wd.sys"
"12:27:04,3660758","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:04,3686457","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,3692032","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:04,3694047","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:04,3700438","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,3704058","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:04,3707282","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:04,3743361","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,3748926","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:04,3751016","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:04,3758615","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,3763005","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:04,3766994","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:04,3781917","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,3786312","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:04,3790706","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:04,3818024","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 10.852, Length: 4.096"
"12:27:04,3824397","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:04,3844288","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 4.328, Length: 4.096"
"12:27:04,3861549","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,3902400","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 13.824, Length: 7.232"
"12:27:04,3908035","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 10.752, Length: 4.096"
"12:27:04,3911627","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 8.704, Length: 4.096"
"12:27:04,3933506","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 13.824, Length: 4.096"
"12:27:04,3946153","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:04,3955749","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,3971027","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 13.824, Length: 4.096"
"12:27:04,3992341","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 17.920, Length: 3.136"
"12:27:04,3997963","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:04,4053145","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,4059494","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 4.096, Length: 9.728"
"12:27:04,4086024","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 15.196, Length: 4.096"
"12:27:04,4149762","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 10.852, Length: 4.096"
"12:27:04,4152183","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,4160193","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 9.728, Length: 4.096"
"12:27:04,4193095","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 13.824, Length: 4.096"
"12:27:04,4341125","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,4629655","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:04,4632468","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:04,4634824","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:04,4637697","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:04,4639764","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:04,4641317","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:04,4644228","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,4646668","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:04,4649047","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,4651021","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:04,4652663","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:04,4655443","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:04,4692362","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\wd.sys.mui","SUCCESS","Offset: 0, Length: 2.048, I/O Flags: Synchronous"
"12:27:04,4696812","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\wd.sys.mui","SUCCESS","Offset: 0, Length: 2.048, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:04,4713466","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\wd.sys.mui","SUCCESS","Offset: 184, Length: 1.864"
"12:27:04,4732401","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\wd.sys.mui","SUCCESS","Offset: 0, Length: 2.048"
"12:27:04,4738018","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.464.404, Length: 16.200"
"12:27:04,4741620","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.461.696, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:04,4772185","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,4777451","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\wd.sys.mui","NO SUCH FILE","Filter: wd.sys.mui"
"12:27:04,4781804","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:04,4799904","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,4804723","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\wd.sys.mui","SUCCESS","Filter: wd.sys.mui, 1: wd.sys.mui"
"12:27:04,4809122","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:04,4844399","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,4850836","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:04,4853188","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:04,4860064","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,4864034","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:04,4867654","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:04,4895718","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,4898965","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:04,4900906","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:04,4906942","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,4910553","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:04,4913781","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:04,4928243","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,4932208","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:04,4935455","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:04,5845139","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:04,5849538","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,5851969","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:04,5854385","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,5856037","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:04,5858831","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:04,5861574","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:04,5900923","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:04,5909735","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:04,5944298","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:04,5962748","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,5968346","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 845.538, Length: 16.200"
"12:27:04,5971495","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 851.968, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:04,6002606","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,6007430","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\volsnap.sys","NO SUCH FILE","Filter: volsnap.sys"
"12:27:04,6010602","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:04,6031058","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,6035476","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Filter: volsnap.sys, 1: volsnap.sys"
"12:27:04,6042338","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:04,6068816","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,6077643","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:04,6079672","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:04,6089254","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,6093247","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:04,6096886","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:04,6133366","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,6136641","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:04,6138591","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:04,6145411","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,6149026","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:04,6152264","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:04,6166296","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,6172725","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:04,6175972","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:04,6202389","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 249.452, Length: 4.096"
"12:27:04,6205995","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 245.760, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:04,6220667","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:04,6265997","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,6314527","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 288.768, Length: 7.040"
"12:27:04,6318147","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 286.720, Length: 9.088, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:04,6333970","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 251.392, Length: 4.096"
"12:27:04,6337600","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 253.952, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:04,6351669","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 36.352, Length: 4.096"
"12:27:04,6363276","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 255.488, Length: 4.096"
"12:27:04,6368062","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 258.048, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:04,6406814","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 288.768, Length: 4.096"
"12:27:04,6411615","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:04,6415659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:04,6418841","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 282.624, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:04,6439945","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,6445161","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 249.344, Length: 4.096"
"12:27:04,6458848","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 288.768, Length: 4.096"
"12:27:04,6481706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 292.864, Length: 2.944"
"12:27:04,6487337","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:04,6531071","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,6536268","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 4.096, Length: 57.744"
"12:27:04,6539104","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 61.840, Length: 61.440"
"12:27:04,6542323","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 123.280, Length: 61.440"
"12:27:04,6567528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 184.720, Length: 61.440"
"12:27:04,6571563","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 246.160, Length: 42.608"
"12:27:04,6838555","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 290.155, Length: 4.096"
"12:27:04,6907159","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 249.452, Length: 4.096"
"12:27:04,6909977","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,6917963","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 48.128, Length: 4.096"
"12:27:04,6921201","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 249.452, Length: 4.096"
"12:27:04,6926019","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,6931282","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:04,6936819","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:04,6941708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:04,6946919","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:04,6952125","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:04,6957326","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:04,6962542","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:04,6967781","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:04,6973332","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:04,6978216","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:04,6983413","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:04,6988614","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:04,6993825","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:04,6999437","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:04,7004657","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:04,7009868","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:04,7015074","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:04,7020280","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:04,7026751","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:04,7031971","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:04,7037177","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:04,7042379","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:04,7047589","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:04,7052800","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:04,7058006","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:04,7063217","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:04,7068419","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:04,7073625","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:04,7078509","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:04,7083710","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:04,7088921","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:04,7094127","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:04,7099338","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:04,7104540","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:04,7109736","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:04,7114621","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:04,7119818","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:04,7125430","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:04,7130645","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:04,7135851","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:04,7141062","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:04,7146259","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:04,7151451","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:04,7156335","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:04,7161537","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:04,7166738","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:04,7171930","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:04,7176814","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:04,7182007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:04,7187208","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:04,7192414","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:04,7197611","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:04,7202486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:04,7207678","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:04,7212875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:04,7218067","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:04,7223301","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:04,7229361","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:04,7234581","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:04,7239778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:04,7244989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:04,7250186","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:04,7255438","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:04,7261013","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:04,7266229","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:04,7271463","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:04,7276669","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:04,7281884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:04,7287086","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:04,7292283","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:04,7297167","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:04,7302373","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 294.912, Length: 896"
"12:27:04,7317184","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 249.452, Length: 4.096"
"12:27:04,7321574","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,7326440","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:04,7330857","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:04,7335266","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:04,7339674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:04,7344078","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:04,7348486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:04,7352900","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:04,7357308","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:04,7361716","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:04,7366130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:04,7370533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:04,7374937","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:04,7379341","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:04,7383432","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:04,7387831","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:04,7392240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:04,7396643","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:04,7401047","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:04,7405460","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:04,7409864","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:04,7414272","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:04,7418685","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:04,7423136","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:04,7428766","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:04,7433175","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:04,7437579","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:04,7441987","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:04,7446391","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:04,7450795","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:04,7455203","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:04,7459607","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:04,7464006","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:04,7468414","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:04,7472818","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:04,7476905","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:04,7481308","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:04,7485717","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:04,7490116","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:04,7494524","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:04,7498933","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:04,7503341","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:04,7507750","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:04,7512153","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:04,7516557","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:04,7520956","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:04,7525449","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:04,7529862","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:04,7534270","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:04,7538674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:04,7543082","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:04,7547897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:04,7552319","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:04,7556727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:04,7561145","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:04,7565549","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:04,7569953","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:04,7574361","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:04,7578770","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:04,7583183","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:04,7587596","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:04,7592009","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:04,7596427","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:04,7600835","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:04,7605248","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:04,7609666","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:04,7614084","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:04,7618501","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:04,7622947","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:04,7629343","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:04,7633761","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:04,7638178","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:04,7642587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 294.912, Length: 896"
"12:27:04,7661009","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 249.452, Length: 4.096"
"12:27:04,7668212","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 288.768, Length: 4.096"
"12:27:04,7861585","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\volsnap.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,8158788","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:04,8162753","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,8167954","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:04,8170394","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,8172055","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:04,8174009","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:04,8176025","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:04,8209715","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volsnap.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:04,8213779","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volsnap.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:04,8256230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volsnap.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:04,8284295","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volsnap.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,8291465","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.649.544, Length: 16.200"
"12:27:04,8317537","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,8322007","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\volsnap.sys.mui","NO SUCH FILE","Filter: volsnap.sys.mui"
"12:27:04,8328029","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:04,8347235","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,8352460","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\volsnap.sys.mui","SUCCESS","Filter: volsnap.sys.mui, 1: volsnap.sys.mui"
"12:27:04,8357666","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:04,8390144","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,8396581","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:04,8398606","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:04,8409424","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,8414635","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:04,8425891","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:04,8475672","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,8481633","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:04,8484437","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:04,8494136","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,8499720","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:04,8505318","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:04,8529725","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,8536900","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:04,8542106","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:04,8648813","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volsnap.sys.mui","SUCCESS","Offset: 27.136, Length: 1.536"
"12:27:04,8657285","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volsnap.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,8807754","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volsnap.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:04,8812904","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volsnap.sys.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:04,8817695","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volsnap.sys.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:04,8821768","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volsnap.sys.mui","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:04,8826606","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volsnap.sys.mui","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:04,8833090","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volsnap.sys.mui","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:04,9012291","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\volsnap.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,9231374","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9234956","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976147, endtime: 976147, seqnum: 0, connid: 0"
"12:27:04,9248265","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9250248","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9251447","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9253010","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976147, endtime: 976147, seqnum: 0, connid: 0"
"12:27:04,9272733","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9274287","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9275131","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9276293","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9277133","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9279115","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9280333","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976147, endtime: 976147, seqnum: 0, connid: 0"
"12:27:04,9402864","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.358.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:04,9410150","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.358.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:04,9412931","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.358.739, Length: 1.460"
"12:27:04,9418305","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.360.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:04,9454930","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.360.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:04,9457747","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.371.776, EndOfFile: 407.360.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:04,9461731","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.360.199, Length: 13.140, Priority: Normal"
"12:27:04,9481805","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","END OF FILE","Offset: 407.371.776, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:04,9486568","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.373.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:04,9493010","firefox.exe","6744","TCP Receive","Error3725.wohnheim.uni-kl.de:65073 -> ec2-107-20-166-89.compute-1.amazonaws.com:http","SUCCESS","Length: 315, seqnum: 0, connid: 0"
"12:27:04,9518159","firefox.exe","6744","TCP Receive","lmlicenses.wip4.adobe.com:65072 -> lmlicenses.wip4.adobe.com:65071","SUCCESS","Length: 315, seqnum: 0, connid: 0"
"12:27:04,9521401","firefox.exe","6744","TCP Send","lmlicenses.wip4.adobe.com:65071 -> lmlicenses.wip4.adobe.com:65072","SUCCESS","Length: 315, startime: 976147, endtime: 976147, seqnum: 0, connid: 0"
"12:27:04,9625328","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9628491","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9630086","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9631663","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9632913","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9635754","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9637294","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:04,9637742","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976147, endtime: 976147, seqnum: 0, connid: 0"
"12:27:04,9641315","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:04,9643769","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:04,9646162","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:04,9648149","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:04,9650127","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:04,9652161","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:04,9656971","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9660199","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976147, endtime: 976147, seqnum: 0, connid: 0"
"12:27:04,9676951","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 3472, seqnum: 0, connid: 0"
"12:27:04,9678528","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 2368, seqnum: 0, connid: 0"
"12:27:04,9691109","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:04,9696754","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:04,9713576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:04,9743334","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:04,9750956","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 240.630, Length: 16.200"
"12:27:04,9777388","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,9782669","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\spldr.sys","NO SUCH FILE","Filter: spldr.sys"
"12:27:04,9786658","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:04,9788071","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.373.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:04,9790903","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.373.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:04,9792872","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.373.339, Length: 14.600"
"12:27:04,9796137","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.387.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:04,9807944","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,9812707","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Filter: spldr.sys, 1: spldr.sys"
"12:27:04,9816752","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:04,9850452","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,9856068","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:04,9858079","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:04,9864512","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,9868477","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:04,9872116","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:04,9898972","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,9902210","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:04,9903843","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:04,9909860","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,9914199","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:04,9917856","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:04,9938294","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:04,9943089","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:04,9945100","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9947577","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:04,9948286","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9949965","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9952732","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976148, endtime: 976148, seqnum: 0, connid: 0"
"12:27:04,9976449","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9979168","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9980442","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 8.424, Length: 4.096"
"12:27:04,9980792","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9982396","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9983987","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9986800","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:04,9987649","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:04,9989207","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976148, endtime: 976148, seqnum: 0, connid: 0"
"12:27:05,0009286","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 6.664, Length: 4.096"
"12:27:05,0033012","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,0033086","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,0036730","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:05,0040322","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:05,0043904","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:05,0046335","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:05,0048383","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,0050389","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:05,0055884","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:05,0059947","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:05,0061991","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:05,0063997","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,0065998","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:05,0068051","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:05,0070420","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:05,0072412","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:05,0074059","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,0076032","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:05,0078048","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:05,0080077","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:05,0082050","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:05,0088744","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 11.776, Length: 7.232"
"12:27:05,0092654","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.387.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0096306","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.387.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0096745","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 6.656, Length: 4.096"
"12:27:05,0099091","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.387.939, Length: 4.380"
"12:27:05,0102390","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 10.752, Length: 4.096"
"12:27:05,0106434","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 2.048, Length: 4.096"
"12:27:05,0108734","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.392.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0126899","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 11.776, Length: 4.096"
"12:27:05,0138921","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,0153761","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 11.776, Length: 4.096"
"12:27:05,0179423","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 15.872, Length: 3.136"
"12:27:05,0185837","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:05,0197905","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.392.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0201082","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.392.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0203466","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.392.319, Length: 7.300"
"12:27:05,0206727","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.399.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0232291","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.399.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0233149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,0235123","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.399.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0237133","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.399.619, Length: 1.460"
"12:27:05,0238845","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 4.096, Length: 7.680"
"12:27:05,0240348","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.401.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0264466","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 13.148, Length: 4.096"
"12:27:05,0271263","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0274099","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0275648","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:27:05,0277299","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 976148, endtime: 976148, seqnum: 0, connid: 0"
"12:27:05,0299369","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0300988","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0302574","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0303414","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0304571","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0306581","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:27:05,0307803","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 976148, endtime: 976148, seqnum: 0, connid: 0"
"12:27:05,0319069","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0320660","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0321826","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0323063","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976148, endtime: 976148, seqnum: 0, connid: 0"
"12:27:05,0341088","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 8.424, Length: 4.096"
"12:27:05,0344340","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,0354780","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 8.424, Length: 4.096"
"12:27:05,0361395","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.401.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0365351","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.401.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0366984","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.401.079, Length: 3.472"
"12:27:05,0373118","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.404.551, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0396107","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 12.520, Length: 4.096"
"12:27:05,0398846","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.404.551, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0400460","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 11.776, Length: 4.096"
"12:27:05,0401654","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.404.551, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0403693","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.404.551, Length: 8.208"
"12:27:05,0407681","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.412.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0459626","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.412.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0464589","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.412.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0468545","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.412.759, Length: 4.380"
"12:27:05,0472604","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.417.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0566221","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\spldr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,0638384","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0641617","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976148, endtime: 976148, seqnum: 0, connid: 0"
"12:27:05,0670111","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0672522","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0674440","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0675732","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0677323","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0680098","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0682142","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976148, endtime: 976148, seqnum: 0, connid: 0"
"12:27:05,0697737","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0699766","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0701361","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0703358","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976148, endtime: 976148, seqnum: 0, connid: 0"
"12:27:05,0732398","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.417.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0732654","sua.exe","2440","Thread Exit","","SUCCESS","Thread ID: 9292, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:27:05,0736410","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.417.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0738061","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.417.139, Length: 1.460"
"12:27:05,0740874","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.418.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0935325","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.418.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0939290","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.418.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0943274","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.418.599, Length: 7.300"
"12:27:05,0947683","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.425.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0972165","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0975398","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976149, endtime: 976149, seqnum: 0, connid: 0"
"12:27:05,0981345","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.425.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0984620","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.425.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0987382","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.425.899, Length: 1.460"
"12:27:05,0990591","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.427.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,0991468","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0994211","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0995816","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,0997822","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976149, endtime: 976149, seqnum: 0, connid: 0"
"12:27:05,1016683","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.427.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,1019160","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.427.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,1020788","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.427.359, Length: 4.380"
"12:27:05,1024343","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.431.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,1107235","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.431.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,1110519","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.431.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,1112521","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.431.739, Length: 1.460"
"12:27:05,1115310","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.433.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,1141574","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.433.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,1145983","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.437.312, EndOfFile: 407.433.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,1151935","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.433.199, Length: 4.380, Priority: Normal"
"12:27:05,1178428","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.437.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,1473270","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:05,1478448","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,1482058","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:05,1485282","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:05,1488048","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:05,1490516","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:05,1493702","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:05,1534596","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:05,1539405","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:05,1561270","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:05,1594984","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,1601011","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.242.924, Length: 16.200"
"12:27:05,1625829","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,1630653","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\rdyboost.sys","NO SUCH FILE","Filter: rdyboost.sys"
"12:27:05,1633853","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:05,1650745","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,1654738","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Filter: rdyboost.sys, 1: rdyboost.sys"
"12:27:05,1658778","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:05,1686474","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,1692077","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:05,1694101","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:05,1700506","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,1704140","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:05,1707690","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:05,1736963","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,1740994","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:05,1743382","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:05,1751793","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,1756645","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:05,1761044","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:05,1779107","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,1783567","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:05,1787588","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:05,1815265","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 179.936, Length: 4.096"
"12:27:05,1818825","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 176.128, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:05,1836277","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:05,1855543","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 179.020, Length: 4.096"
"12:27:05,1873200","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,1913720","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 206.848, Length: 7.040"
"12:27:05,1917769","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 204.800, Length: 9.088, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:05,1935940","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 178.176, Length: 4.096"
"12:27:05,1940343","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 182.272, Length: 4.096"
"12:27:05,1943539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 184.320, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:05,1960706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:05,1964741","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 129.024, Length: 4.096"
"12:27:05,1967941","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 131.072, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:05,2003699","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 185.856, Length: 4.096"
"12:27:05,2007309","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 188.416, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:05,2032580","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 206.848, Length: 4.096"
"12:27:05,2037856","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 187.904, Length: 4.096"
"12:27:05,2042190","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 204.288, Length: 4.096"
"12:27:05,2045035","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 200.704, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:05,2063859","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,2078782","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 206.848, Length: 4.096"
"12:27:05,2102447","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 210.944, Length: 2.944"
"12:27:05,2108423","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:05,2156198","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,2161418","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 4.096, Length: 57.752"
"12:27:05,2164595","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 61.848, Length: 61.440"
"12:27:05,2167837","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 123.288, Length: 61.440"
"12:27:05,2186520","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 184.728, Length: 22.120"
"12:27:05,2439559","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 208.235, Length: 4.096"
"12:27:05,2511405","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 179.936, Length: 4.096"
"12:27:05,2514553","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,2522171","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 138.752, Length: 4.096"
"12:27:05,2527018","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 179.936, Length: 4.096"
"12:27:05,2532598","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,2537874","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:05,2543099","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:05,2548309","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:05,2553516","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:05,2559888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:05,2566298","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:05,2572353","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:05,2579140","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:05,2589436","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:05,2597469","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:05,2604723","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:05,2611926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:05,2617958","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:05,2624340","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:05,2630329","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:05,2635559","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:05,2640756","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:05,2645635","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:05,2650832","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:05,2656038","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:05,2661235","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:05,2666432","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:05,2671307","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:05,2676504","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:05,2681696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:05,2686571","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:05,2691758","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:05,2696955","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:05,2702156","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:05,2707344","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:05,2712237","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:05,2717434","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:05,2722995","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:05,2730664","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:05,2735889","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:05,2742252","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:05,2748708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:05,2754367","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:05,2759587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:05,2764784","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:05,2770401","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:05,2776391","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:05,2781597","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:05,2786784","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:05,2791673","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:05,2796865","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:05,2802071","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:05,2807264","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:05,2812143","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:05,2817335","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:05,2822574","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:05,2829357","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 212.992, Length: 896"
"12:27:05,2845386","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 179.936, Length: 4.096"
"12:27:05,2849818","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,2854259","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:05,2859031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:05,2863435","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:05,2867839","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:05,2871925","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:05,2876329","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:05,2880728","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:05,2885141","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:05,2889549","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:05,2893953","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:05,2898362","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:05,2902770","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:05,2908013","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:05,2913598","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:05,2918841","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:05,2925255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:05,2930858","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:05,2938896","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:05,2946099","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:05,2952494","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:05,2958144","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:05,2962986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:05,2967767","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:05,2972204","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:05,2976631","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:05,2981063","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:05,2985480","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:05,2989889","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:05,2994288","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:05,2998696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:05,3003114","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:05,3007527","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:05,3011936","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:05,3016344","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:05,3020753","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:05,3027195","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:05,3032005","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:05,3036422","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:05,3040826","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:05,3045234","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:05,3049634","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:05,3054047","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:05,3058455","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:05,3062863","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:05,3067267","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:05,3071676","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:05,3076089","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:05,3080502","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:05,3084906","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:05,3089305","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:05,3093405","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:05,3097809","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 212.992, Length: 896"
"12:27:05,3115811","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 179.936, Length: 4.096"
"12:27:05,3123448","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 206.848, Length: 4.096"
"12:27:05,3140494","firefox.exe","6744","TCP Receive","lmlicenses.wip4.adobe.com:65071 -> lmlicenses.wip4.adobe.com:65072","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:05,3143246","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:27:05,3143321","firefox.exe","6744","TCP Receive","lmlicenses.wip4.adobe.com:65071 -> lmlicenses.wip4.adobe.com:65072","SUCCESS","Length: 996, seqnum: 0, connid: 0"
"12:27:05,3145355","firefox.exe","6744","TCP Send","lmlicenses.wip4.adobe.com:65072 -> lmlicenses.wip4.adobe.com:65071","SUCCESS","Length: 2456, startime: 976151, endtime: 976151, seqnum: 0, connid: 0"
"12:27:05,3147300","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:27:05,3150883","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:27:05,3154050","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:27:05,3156103","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:27:05,3158127","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:05,3160875","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:05,3162918","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:05,3164957","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:05,3167345","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:05,3169706","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:05,3171782","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:05,3173741","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:05,3175794","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:05,3177748","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:05,3179405","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:05,3181406","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3183351","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:05,3185376","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:05,3187396","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:05,3189416","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:05,3191790","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:05,3193796","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:05,3195821","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:05,3197453","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:05,3201022","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:05,3203014","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:05,3205053","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:05,3206513","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 189.952, Length: 4.096"
"12:27:05,3208234","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3210683","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:05,3213860","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3223475","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3229236","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:05,3233248","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3235986","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:05,3238837","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3249846","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3256606","swi_service.exe","2116","ReadFile","C:\ProgramData\Sophos\Web Intelligence\sxl3_cache.dat","SUCCESS","Offset: 47.746.552, Length: 56"
"12:27:05,3257478","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:05,3262684","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3266635","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:05,3270708","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3280085","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:05,3283747","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3286928","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:05,3292172","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3295787","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:05,3299780","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3303368","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:05,3307403","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3310976","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3314242","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:05,3318202","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3321416","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:05,3332435","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3336083","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:05,3340053","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdyboost.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,3341154","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3346034","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:05,3358830","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3362100","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:05,3366102","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3369270","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:05,3372526","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3375278","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3377308","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:05,3379696","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3381693","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:05,3383769","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3385751","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:05,3388117","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3389745","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:05,3400651","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3403838","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:05,3407061","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3409114","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:27:05,3411540","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3430521","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3434935","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:05,3439679","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3442972","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:05,3447311","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3450520","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3453408","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:05,3456930","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,3459780","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:05,3463036","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3465826","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:05,3469031","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:05,3471816","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:05,4142774","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:05,4148012","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,4151982","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:05,4155593","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:05,4158406","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:05,4160846","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:05,4164013","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:05,4201758","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:05,4206530","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:05,4224504","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:05,4251333","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,4257747","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 759.678, Length: 16.200"
"12:27:05,4279458","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,4284221","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\mup.sys","NO SUCH FILE","Filter: mup.sys"
"12:27:05,4287071","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:05,4290225","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> fe80::41d:71d7:343d:3a50:64689","SUCCESS","Length: 24, seqnum: 0, connid: 0"
"12:27:05,4295034","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes166.wohnheim.uni-kl.de:64689","SUCCESS","Length: 24, seqnum: 0, connid: 0"
"12:27:05,4303100","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,4307070","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\mup.sys","SUCCESS","Filter: mup.sys, 1: mup.sys"
"12:27:05,4310769","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:05,4345412","firefox.exe","6744","TCP Send","Error3725.wohnheim.uni-kl.de:65073 -> ec2-107-20-166-89.compute-1.amazonaws.com:http","SUCCESS","Length: 2456, startime: 976151, endtime: 976152, seqnum: 0, connid: 0"
"12:27:05,4346382","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,4352810","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:05,4354849","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:05,4362015","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,4365672","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:05,4369301","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:05,4396941","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,4400174","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:05,4401802","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:05,4408151","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,4411762","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:05,4415000","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:05,4429037","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,4432675","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:05,4435903","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:05,4463128","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 48.256, Length: 4.096"
"12:27:05,4468409","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:05,4484863","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 33.648, Length: 4.096"
"12:27:05,4501671","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,4514079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 48.290, Length: 4.096"
"12:27:05,4525327","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:27:05,4539401","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 48.290, Length: 4.096"
"12:27:05,4550620","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,4555799","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 53.248, Length: 7.248"
"12:27:05,4561014","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 47.104, Length: 4.096"
"12:27:05,4569500","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 9.216, Length: 4.096"
"12:27:05,4573124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 50.176, Length: 4.096"
"12:27:05,4605178","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,4614405","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:05,4630373","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:05,4635090","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:05,4636881","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 7.168, Length: 4.096"
"12:27:05,4638318","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:05,4641537","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:05,4645147","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:05,4650116","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:05,4655742","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 57.344, Length: 3.152"
"12:27:05,4660934","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:05,4705433","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,4710317","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 4.096, Length: 49.152"
"12:27:05,4769684","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 54.635, Length: 4.096"
"12:27:05,4833473","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 48.256, Length: 4.096"
"12:27:05,4835880","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,4843484","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 11.776, Length: 4.096"
"12:27:05,4846321","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 48.256, Length: 4.096"
"12:27:05,4881593","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:05,4953387","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 52.736, Length: 4.096"
"12:27:05,5032436","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mup.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,5707736","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:05,5711785","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,5714594","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:05,5717001","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:05,5718965","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:05,5720602","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:05,5723355","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:05,5762382","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:05,5767537","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:05,5800579","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:05,5822229","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,5832250","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 288.096, Length: 16.200"
"12:27:05,5857539","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,5863547","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\iaStorF.sys","NO SUCH FILE","Filter: iaStorF.sys"
"12:27:05,5867606","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:05,5890413","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,5895680","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Filter: iaStorF.sys, 1: iaStorF.sys"
"12:27:05,5900480","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:05,5933802","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,5941359","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:05,5943421","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:05,5950246","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,5954249","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:05,5957845","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:05,5985551","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,5989124","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:05,5990757","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:05,5997199","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,6001160","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:05,6004398","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:05,6018057","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,6021686","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:05,6028488","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:05,6055353","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 16.760, Length: 4.096"
"12:27:05,6060933","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:05,6093093","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,6136016","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 20.480, Length: 8.176"
"12:27:05,6142435","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:05,6146381","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 10.240, Length: 4.096"
"12:27:05,6161263","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:05,6164897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 18.432, Length: 4.096"
"12:27:05,6173672","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,6188973","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:05,6211533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 24.576, Length: 4.080"
"12:27:05,6217896","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:05,6264453","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,6270503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 4.096, Length: 16.384"
"12:27:05,6312894","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 24.941, Length: 3.715"
"12:27:05,6383919","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 16.760, Length: 4.096"
"12:27:05,6387081","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,6395087","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 11.776, Length: 4.096"
"12:27:05,6397946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 16.760, Length: 4.096"
"12:27:05,6438014","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 20.856, Length: 4.096"
"12:27:05,6441639","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:05,6510284","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 19.968, Length: 4.096"
"12:27:05,6593708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\iaStorF.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,6937141","swi_service.exe","2116","TCP Receive","Error3725.wohnheim.uni-kl.de:65243 -> ec2-54-220-254-241.eu-west-1.compute.amazonaws.com:http","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"12:27:05,6945235","swi_service.exe","2116","TCP Disconnect","Error3725.wohnheim.uni-kl.de:65243 -> ec2-54-220-254-241.eu-west-1.compute.amazonaws.com:http","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"12:27:05,7134913","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:05,7138958","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,7141720","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:05,7143772","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:05,7145732","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:05,7147388","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:05,7149720","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:05,7182632","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:05,7187077","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:05,7220236","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:05,7246337","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,7254734","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.802.958, Length: 16.200"
"12:27:05,7277998","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,7282435","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\hwpolicy.sys","NO SUCH FILE","Filter: hwpolicy.sys"
"12:27:05,7285276","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:05,7300889","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,7304533","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Filter: hwpolicy.sys, 1: hwpolicy.sys"
"12:27:05,7308517","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:05,7338200","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,7343462","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:05,7345473","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:05,7351864","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,7355461","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:05,7359062","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:05,7384743","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,7387957","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:05,7389580","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:05,7395594","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,7399176","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:05,7402391","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:05,7421699","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,7426872","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:05,7430455","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:05,7431309","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7438857","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:05,7442108","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:05,7459364","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 4.216, Length: 4.096"
"12:27:05,7461417","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:05,7464617","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:05,7481033","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 4.320, Length: 4.096"
"12:27:05,7494641","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7497132","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,7500309","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: ANCI"
"12:27:05,7502301","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:05,7508692","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7513142","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:05,7517131","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:05,7531606","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7536360","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:05,7539616","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:05,7542387","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 7.680, Length: 7.040"
"12:27:05,7547995","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 3.584, Length: 4.096"
"12:27:05,7552851","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 1.536, Length: 4.096"
"12:27:05,7553247","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7556475","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 7.680, Length: 4.096"
"12:27:05,7557665","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:05,7560469","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 4.608, Length: 4.096"
"12:27:05,7560898","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:05,7570125","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,7574520","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7578914","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:05,7581774","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:05,7587801","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 7.680, Length: 4.096"
"12:27:05,7604637","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7609801","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: ANCI"
"12:27:05,7611462","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:05,7612185","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 3.072, Length: 4.096"
"12:27:05,7633910","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7637940","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: DNCI"
"12:27:05,7639890","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:05,7646538","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 7.680, Length: 4.096"
"12:27:05,7655014","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 11.776, Length: 2.944"
"12:27:05,7660790","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7661820","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:05,7664801","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:05,7666756","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:05,7690851","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7694886","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:05,7696831","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:05,7704780","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,7710005","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:05,7717754","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7721752","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:05,7723795","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:05,7734459","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 9.067, Length: 4.096"
"12:27:05,7745399","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7749401","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:05,7751020","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:05,7771481","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7775488","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:05,7777121","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:05,7778707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:05,7798388","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7802382","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:05,7803991","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:05,7826024","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,7826430","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7830115","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:05,7832051","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:05,7836086","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 4.216, Length: 4.096"
"12:27:05,7840924","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,7846554","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:05,7852110","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:05,7855740","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7857722","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 12.288, Length: 2.432"
"12:27:05,7859756","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:05,7861366","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:05,7866992","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7871391","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:05,7873402","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 4.216, Length: 4.096"
"12:27:05,7877796","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,7878570","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7882596","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:05,7884234","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:05,7886235","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:05,7887023","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:05,7891464","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 12.288, Length: 2.432"
"12:27:05,7899899","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7905861","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:05,7908300","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:05,7914710","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 4.216, Length: 4.096"
"12:27:05,7914766","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:05,7917150","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5e00000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:05,7919552","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:05,7929983","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7934788","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:05,7937191","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:05,7949198","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 8.312, Length: 4.096"
"12:27:05,7950869","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:05,7982157","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7986560","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: ANCI"
"12:27:05,7988189","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:05,7994146","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,7998540","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:05,8002174","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:05,8010856","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 6.656, Length: 4.096"
"12:27:05,8014980","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8019043","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:05,8022238","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:05,8035072","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8039116","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:05,8042270","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:05,8054772","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8059134","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:05,8061970","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:05,8084026","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8088089","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: ANCI"
"12:27:05,8090025","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:05,8104020","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hwpolicy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,8110934","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8114927","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: DNCI"
"12:27:05,8116546","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:05,8144237","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8148259","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:05,8150195","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:05,8171075","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8174737","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:05,8176347","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:05,8196765","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8200745","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:05,8202354","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:05,8222885","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8226878","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:05,8228497","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:05,8249708","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8253380","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:05,8255316","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:05,8275800","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8279443","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:05,8281057","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:05,8301481","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8305119","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:05,8306729","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:05,8327945","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8333608","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:05,8335572","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:05,8341217","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8345625","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:05,8352399","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8357684","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:05,8359695","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:05,8374133","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8380109","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:05,8382530","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:05,8386528","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> fe80::41d:71d7:343d:3a50:64689","SUCCESS","Length: 24, seqnum: 0, connid: 0"
"12:27:05,8391226","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win#"
"12:27:05,8392191","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes166.wohnheim.uni-kl.de:64689","SUCCESS","Length: 24, seqnum: 0, connid: 0"
"12:27:05,8394459","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5e00000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:05,8397612","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:05,8429880","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:27:05,8480075","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8487292","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: ANCI"
"12:27:05,8490063","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:05,8499277","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8505761","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:05,8511312","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:05,8542139","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8548520","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:05,8552961","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:05,8568958","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8573431","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:05,8576627","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:05,8591028","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8595459","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:05,8598664","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:05,8623142","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8627947","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: ANCI"
"12:27:05,8629579","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:05,8662230","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8667795","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: DNCI"
"12:27:05,8669810","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:05,8694642","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8699074","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:05,8700721","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:05,8735325","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8744548","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:05,8747282","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:05,8781794","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8787410","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:05,8789411","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:05,8810787","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:05,8815120","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8815181","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:05,8817938","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:05,8819981","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:05,8820396","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:05,8822780","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:05,8825957","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:05,8828028","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:05,8829992","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:05,8858495","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8864103","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:05,8864896","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:05,8866855","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:05,8870088","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:05,8887969","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:05,8894598","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8899767","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:05,8902155","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:05,8923717","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,8929893","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8930532","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 538.548, Length: 16.200"
"12:27:05,8935874","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:05,8938309","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:05,8957785","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,8962590","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\hpdskflt.sys","NO SUCH FILE","Filter: hpdskflt.sys"
"12:27:05,8965450","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:05,8972634","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8977873","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:05,8982249","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:05,8982272","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,8986293","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Filter: hpdskflt.sys, 1: hpdskflt.sys"
"12:27:05,8989087","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,8990314","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:05,8993920","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:05,9001156","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9008345","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:05,9010397","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:05,9024276","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,9027210","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9031949","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:05,9033232","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:05,9034772","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:05,9037221","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:05,9039665","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:05,9043981","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,9048799","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:05,9049140","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:05,9052289","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:05,9053964","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:05,9057140","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:05,9090318","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,9094293","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:05,9096280","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:05,9102732","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,9106711","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:05,9110354","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:05,9124797","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:05,9128790","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:05,9132373","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:05,9160050","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 19.212, Length: 4.096"
"12:27:05,9165676","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:05,9182190","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 18.440, Length: 4.096"
"12:27:05,9199372","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,9246983","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 23.040, Length: 7.448"
"12:27:05,9253280","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:05,9256196","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 18.432, Length: 4.096"
"12:27:05,9262186","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 15.872, Length: 4.096"
"12:27:05,9290292","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 23.040, Length: 4.096"
"12:27:05,9292452","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9295904","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 21.504, Length: 4.096"
"12:27:05,9297579","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: DNCI"
"12:27:05,9299259","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:05,9305290","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9307539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,9310067","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:05,9314075","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:05,9328779","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 23.040, Length: 4.096"
"12:27:05,9328891","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9333322","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:05,9338948","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:05,9352178","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9355728","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 27.136, Length: 3.352"
"12:27:05,9357384","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:05,9360594","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:05,9363710","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:05,9373889","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9378634","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:05,9381479","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:05,9403955","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9407976","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: DNCI"
"12:27:05,9409926","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:05,9413509","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,9420297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 4.096, Length: 18.944"
"12:27:05,9431231","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9437221","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: DNCI"
"12:27:05,9438868","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:05,9460061","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9463756","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:05,9465701","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:05,9473305","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 26.497, Length: 3.991"
"12:27:05,9487398","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9491405","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:05,9493024","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:05,9514282","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9518285","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:05,9519908","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:05,9541577","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9545561","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:05,9547185","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:05,9548780","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 19.212, Length: 4.096"
"12:27:05,9552372","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,9561212","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 17.408, Length: 4.096"
"12:27:05,9568457","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9572450","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:05,9574074","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:05,9594530","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9598500","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:05,9600114","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:05,9604116","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 23.040, Length: 4.096"
"12:27:05,9620584","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9625762","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:05,9627390","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:05,9648229","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9651895","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:05,9653523","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:05,9659112","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9663492","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:05,9669925","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9675188","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:05,9677194","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:05,9690423","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9695648","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:27:05,9698396","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:27:05,9706770","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:27:05,9713123","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:27:05,9717149","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:27:05,9719584","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:05,9730034","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9736061","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:05,9738814","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:05,9754842","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:05,9768478","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:05,9774226","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hpdskflt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:05,9806391","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9811196","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:05,9813192","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:05,9819224","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9828139","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:05,9833396","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:05,9858032","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9864810","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:05,9870003","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:05,9888453","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9894541","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:05,9899308","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:05,9918556","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9928702","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:05,9933932","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:05,9965971","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:05,9971569","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:05,9974027","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:06,0000847","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0006090","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:06,0008506","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:06,0037392","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0042612","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:06,0045038","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:06,0071535","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0077101","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:06,0079522","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:06,0105996","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0111202","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:06,0113618","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:06,0140087","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0145303","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:06,0147724","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:06,0173027","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0178191","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:06,0180598","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:06,0205523","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0210356","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:06,0212768","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:06,0238831","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0243977","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:06,0246389","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:06,0253643","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0258896","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:06,0267722","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0274915","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:06,0277710","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:06,0293790","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0300209","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:27:06,0303423","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:27:06,0312823","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:27:06,0318071","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:06,0340099","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:27:06,0432975","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:06,0458245","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0463092","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: DNCI"
"12:27:06,0465065","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:06,0471078","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0475515","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:06,0479140","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:06,0492365","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0496764","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:06,0499987","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:06,0512788","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0516842","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:06,0520024","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:06,0534485","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0538889","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:06,0542075","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:06,0562317","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,0565004","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:06,0565470","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,0567495","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976158, endtime: 976158, seqnum: 0, connid: 0"
"12:27:06,0586742","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,0588380","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,0589555","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,0590404","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,0590619","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0591561","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,0593563","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,0594790","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976158, endtime: 976158, seqnum: 0, connid: 0"
"12:27:06,0595055","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: DNCI"
"12:27:06,0596684","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:06,0618380","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0622756","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:06,0625177","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:06,0647630","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0651642","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:06,0653256","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:06,0674081","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0677752","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:06,0679688","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:06,0700554","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0704207","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:06,0705826","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:06,0727471","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0731861","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:06,0733485","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:06,0754365","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0758344","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:06,0759959","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:06,0780419","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0784403","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:06,0786017","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:06,0806506","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0810485","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:06,0812104","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:06,0817702","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0821756","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:06,0829775","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,0835392","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:06,0837393","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:06,0851439","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:27:06,0879816","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,0882625","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,0883866","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:27:06,0886245","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 976159, endtime: 976159, seqnum: 0, connid: 0"
"12:27:06,0910713","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,0913134","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,0915079","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,0916693","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,0918317","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,0921176","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:27:06,0923560","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 976159, endtime: 976159, seqnum: 0, connid: 0"
"12:27:06,0941203","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:06,0944389","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:06,0954288","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,0956710","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,0958767","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:06,0968372","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:06,0970789","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:06,0973214","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:27:06,0997262","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:06,1038426","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1043987","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: ANCI"
"12:27:06,1045979","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:06,1052071","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1056844","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:06,1060496","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:06,1074104","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1078517","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:06,1081736","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:06,1094560","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1098950","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:06,1101805","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:06,1114984","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1119042","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:06,1122210","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:06,1148362","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1153139","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, FileAttributes: ANCI"
"12:27:06,1155187","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:06,1178806","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1182836","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: DNCI"
"12:27:06,1184469","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:06,1207724","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1211736","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:06,1213359","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:06,1240202","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1245776","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:06,1248202","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:06,1276341","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1281939","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:06,1284710","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:06,1285531","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:06,1290322","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:06,1293914","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:06,1297143","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:06,1299601","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:06,1302344","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:06,1305190","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:06,1312831","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1318438","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:06,1320878","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:06,1345691","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:06,1348150","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1351704","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,1353692","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:06,1355763","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:06,1361347","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:06,1365014","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:06,1370803","svchost.exe","948","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","REPARSE","Desired Access: Read"
"12:27:06,1375972","svchost.exe","948","RegOpenKey","HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","NAME NOT FOUND","Desired Access: Read"
"12:27:06,1378822","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:27:06,1386146","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:06,1386645","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1391068","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:06,1392696","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:06,1414057","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,1416305","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1420093","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.070.556, Length: 16.200"
"12:27:06,1421558","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:06,1426400","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:06,1444197","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,1449823","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\fvevol.sys","NO SUCH FILE","Filter: fvevol.sys"
"12:27:06,1454162","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:06,1456051","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1460879","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:06,1462862","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:06,1470438","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:54719 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 44, seqnum: 0, connid: 0"
"12:27:06,1471282","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1476293","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,1479679","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:06,1481914","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Filter: fvevol.sys, 1: fvevol.sys"
"12:27:06,1487512","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:06,1489723","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1500537","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:06,1504203","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:06,1524249","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,1526045","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1526082","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:54719 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 319, seqnum: 0, connid: 0"
"12:27:06,1531507","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:06,1534320","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:06,1535608","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:06,1540418","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:06,1543529","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,1543678","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:06,1548362","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:06,1552061","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:06,1553148","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:06,1555276","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:27:06,1559297","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:06,1562488","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:03, LastWriteTime: 06.10.2013 12:27:03, ChangeTime: 06.10.2013 12:27:03, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:06,1588458","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,1593253","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:06,1596029","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:06,1597419","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:06,1604851","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,1609688","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:06,1614129","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:06,1634609","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,1637967","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1639787","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:06,1644377","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: ANCI"
"12:27:06,1644582","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:06,1647143","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:06,1655587","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1661577","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:06,1666424","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:06,1677499","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 188.760, Length: 4.096"
"12:27:06,1681543","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 188.416, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,1687318","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1694540","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:06,1695949","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:06,1699340","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:06,1716979","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1717230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 134.328, Length: 4.096"
"12:27:06,1721634","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 131.072, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,1725851","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:06,1730246","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:06,1748635","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1750114","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,1754676","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:06,1758754","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:06,1790000","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1796409","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: ANCI"
"12:27:06,1798863","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:06,1801112","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 214.528, Length: 9.224"
"12:27:06,1802007","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:60073 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:27:06,1805455","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 212.992, Length: 10.760, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,1819944","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 187.392, Length: 4.096"
"12:27:06,1823942","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 184.320, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,1828892","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1833953","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 193.536, Length: 4.096"
"12:27:06,1834145","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: DNCI"
"12:27:06,1836570","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:06,1837587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 196.608, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,1847169","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 189.440, Length: 4.096"
"12:27:06,1851223","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:06,1855459","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:60073 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 321, seqnum: 0, connid: 0"
"12:27:06,1856033","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 191.488, Length: 4.096"
"12:27:06,1864588","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1869823","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:06,1878490","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:06,1898946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 214.528, Length: 4.096"
"12:27:06,1903415","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 194.560, Length: 4.096"
"12:27:06,1907418","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 206.848, Length: 4.096"
"12:27:06,1909531","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1910557","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 204.800, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,1911514","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,1914336","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,1915218","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:06,1916333","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,1917984","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,1918021","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:06,1922350","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,1924422","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,1926348","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,1927631","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,1929241","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,1931620","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,1933187","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,1935207","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,1936835","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,1939242","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 17520, startime: 976160, endtime: 976160, seqnum: 0, connid: 0"
"12:27:06,1947308","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1952491","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 214.528, Length: 4.096"
"12:27:06,1952846","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:06,1954502","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:06,1957954","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,1960333","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,1961550","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,1963169","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976160, endtime: 976160, seqnum: 0, connid: 0"
"12:27:06,1979319","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 218.624, Length: 5.128"
"12:27:06,1979394","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,1983784","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:06,1985412","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:06,2006605","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2010626","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:06,2012250","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:06,2023086","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 188.760, Length: 4.096"
"12:27:06,2027061","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,2035561","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 188.760, Length: 4.096"
"12:27:06,2037165","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2041541","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:06,2043169","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:06,2064423","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2068426","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:06,2070072","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:06,2070833","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 214.528, Length: 4.096"
"12:27:06,2087277","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 186.368, Length: 4.096"
"12:27:06,2091345","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2095338","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 214.528, Length: 4.096"
"12:27:06,2095692","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:06,2097311","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:06,2102942","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2107364","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:06,2113816","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2119400","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:06,2121401","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:06,2139865","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2147880","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:06,2151910","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:06,2152274","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:06,2154700","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:06,2163368","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:06,2167785","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: ANCI"
"12:27:06,2183040","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:27:06,2188811","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,2192034","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976160, endtime: 976160, seqnum: 0, connid: 0"
"12:27:06,2206500","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,2208889","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,2210083","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,2211249","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,2212509","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976160, endtime: 976160, seqnum: 0, connid: 0"
"12:27:06,2269753","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\fvevol.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,2272445","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:06,2296469","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2300906","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: DNCI"
"12:27:06,2302884","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:06,2308934","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2313725","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:06,2317737","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:06,2339420","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2346208","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:06,2351055","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:06,2369113","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2375089","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:06,2379138","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:06,2396356","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2402001","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:06,2409218","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:06,2438514","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:06,2461363","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2465804","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: DNCI"
"12:27:06,2467446","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:06,2489432","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2493472","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:06,2495100","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:06,2518831","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2539786","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:06,2540496","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,2541816","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:06,2543299","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,2545314","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976160, endtime: 976160, seqnum: 0, connid: 0"
"12:27:06,2560121","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,2562155","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,2563760","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,2565047","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2565369","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976160, endtime: 976160, seqnum: 0, connid: 0"
"12:27:06,2567790","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:06,2569111","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:06,2571056","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:06,2572171","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:06,2574615","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:06,2577008","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:06,2578972","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:06,2580615","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:06,2582644","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:06,2595944","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2599965","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:06,2601584","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:06,2615924","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fvevol.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:06,2620748","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fvevol.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,2627204","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2635965","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:06,2638834","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fvevol.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:06,2639193","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:06,2660839","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fvevol.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,2667696","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.857.578, Length: 16.200"
"12:27:06,2672464","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2678085","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:06,2680529","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:06,2687382","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,2692565","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\fvevol.sys.mui","NO SUCH FILE","Filter: fvevol.sys.mui"
"12:27:06,2696199","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:06,2709392","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2714673","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:06,2715064","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,2719431","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\fvevol.sys.mui","SUCCESS","Filter: fvevol.sys.mui, 1: fvevol.sys.mui"
"12:27:06,2720098","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:06,2723849","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:06,2759625","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2761299","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,2765195","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:06,2767214","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:06,2767373","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:06,2769748","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:06,2773662","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2776600","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,2778462","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:06,2780612","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:06,2784601","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:06,2788090","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2794085","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:06,2796105","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:06,2803774","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: ANCI"
"12:27:06,2813869","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,2816150","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:06,2817139","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:06,2819085","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:06,2826334","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,2830337","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:06,2834367","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:06,2852020","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,2856801","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:06,2861233","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:06,2861601","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:06,2909380","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:06,2911372","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:27:06,2932556","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:06,2938098","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,2941863","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976161, endtime: 976161, seqnum: 0, connid: 0"
"12:27:06,2943010","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:06,2950647","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:27:06,2969923","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,2971583","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,2973179","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,2974756","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,2976743","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976161, endtime: 976161, seqnum: 0, connid: 0"
"12:27:06,2997549","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fvevol.sys.mui","SUCCESS","Offset: 14.848, Length: 3.072"
"12:27:06,3007574","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fvevol.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,3181350","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fvevol.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:06,3187326","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fvevol.sys.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:06,3192154","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fvevol.sys.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:06,3266710","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,3269593","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,3272742","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976161, endtime: 976161, seqnum: 0, connid: 0"
"12:27:06,3288841","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,3289690","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.437.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3291248","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,3293189","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,3293692","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.437.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3295236","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976161, endtime: 976161, seqnum: 0, connid: 0"
"12:27:06,3296123","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.437.579, Length: 2.920"
"12:27:06,3300522","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.440.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3323105","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.440.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3326343","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.440.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3328689","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.440.499, Length: 8.760"
"12:27:06,3332757","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.449.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3343417","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\fvevol.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,3357010","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.449.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3359478","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.449.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3361451","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.449.259, Length: 2.920"
"12:27:06,3364311","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.452.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3388830","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.452.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3391307","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.452.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3393257","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.452.179, Length: 552"
"12:27:06,3395711","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.452.731, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3425329","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.452.731, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3427359","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.452.731, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3428963","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.452.731, Length: 5.840"
"12:27:06,3431762","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.458.571, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3460877","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.458.571, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3463349","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.458.571, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3465313","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.458.571, Length: 2.368"
"12:27:06,3467767","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.460.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3492477","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.460.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3494950","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.460.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3496904","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.460.939, Length: 2.920"
"12:27:06,3499727","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.463.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3529825","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.463.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3533795","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.463.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3535843","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.463.859, Length: 2.920"
"12:27:06,3539463","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.466.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3569347","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.466.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3575790","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.466.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3577777","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.466.779, Length: 10.220"
"12:27:06,3581378","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.476.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3599936","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,3601386","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.476.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3603126","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,3604946","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.476.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3605529","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976161, endtime: 976161, seqnum: 0, connid: 0"
"12:27:06,3607358","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.476.999, Length: 1.460"
"12:27:06,3611411","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.478.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3614770","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:06,3616753","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976161, endtime: 976161, seqnum: 0, connid: 0"
"12:27:06,3636490","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.478.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3639275","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.478.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3640922","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.478.459, Length: 4.380"
"12:27:06,3644104","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.482.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3671674","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.482.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3676082","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.482.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3678084","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.482.839, Length: 1.460"
"12:27:06,3680561","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.484.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3706885","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.484.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3710095","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.484.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3712073","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.484.299, Length: 5.840"
"12:27:06,3714909","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.490.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3740095","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.490.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3743310","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.490.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3744961","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.490.139, Length: 2.920"
"12:27:06,3748520","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.493.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3773114","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.493.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3776338","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.493.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3778325","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.493.059, Length: 2.920"
"12:27:06,3781525","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.495.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3803134","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.495.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3806343","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.495.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3808335","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.495.979, Length: 1.460"
"12:27:06,3810794","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.497.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3844130","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.497.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3846933","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.497.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3848916","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.497.439, Length: 1.460"
"12:27:06,3849093","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:06,3851738","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.498.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3853898","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:06,3856678","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:06,3859081","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:06,3860742","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:06,3862706","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:06,3864735","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:06,3874191","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.498.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3876981","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.498.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3879752","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.498.899, Length: 2.920"
"12:27:06,3883362","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.501.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3899643","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:06,3904840","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,3906085","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.501.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3909673","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.502.848, EndOfFile: 407.501.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3914907","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.501.819, Length: 2.920, Priority: Normal"
"12:27:06,3921405","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:06,3938554","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.504.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,3949139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,3955497","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 83.652, Length: 16.200"
"12:27:06,3976751","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,3981201","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\disk.sys","NO SUCH FILE","Filter: disk.sys"
"12:27:06,3984047","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:06,4000067","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,4004050","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\disk.sys","SUCCESS","Filter: disk.sys, 1: disk.sys"
"12:27:06,4008048","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:06,4034583","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,4040158","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:06,4042168","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:06,4048550","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,4051200","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.504.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,4052198","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:06,4054358","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.504.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,4055435","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:06,4056424","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.504.739, Length: 2.920"
"12:27:06,4059960","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.507.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,4081433","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.507.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,4081527","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,4084587","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.507.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,4085091","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:06,4086728","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:06,4086985","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.507.659, Length: 2.920"
"12:27:06,4089877","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.510.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,4092774","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,4096385","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:06,4099916","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:06,4113155","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,4113939","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.510.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,4116346","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.510.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,4116785","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:06,4118352","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.510.579, Length: 1.460"
"12:27:06,4120013","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:06,4121496","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.512.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,4146300","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.512.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,4146916","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 53.868, Length: 4.096"
"12:27:06,4149468","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.512.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,4151866","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.512.039, Length: 2.920"
"12:27:06,4152901","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:06,4154674","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.514.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,4172326","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.514.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,4175102","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.514.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,4176730","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.514.959, Length: 1.460"
"12:27:06,4179534","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.516.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:06,4182636","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,4225083","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 66.048, Length: 7.232"
"12:27:06,4234240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 57.856, Length: 4.096"
"12:27:06,4240272","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 16.896, Length: 4.096"
"12:27:06,4272740","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:06,4285630","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 66.048, Length: 4.096"
"12:27:06,4298855","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,4304439","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 53.760, Length: 4.096"
"12:27:06,4320137","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 66.048, Length: 4.096"
"12:27:06,4346219","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 70.144, Length: 3.136"
"12:27:06,4353048","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:06,4412000","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,4418405","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 4.096, Length: 57.736"
"12:27:06,4422048","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 61.832, Length: 4.216"
"12:27:06,4492667","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 67.420, Length: 4.096"
"12:27:06,4559465","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 53.868, Length: 4.096"
"12:27:06,4562693","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,4570344","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 20.992, Length: 4.096"
"12:27:06,4573969","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 53.868, Length: 4.096"
"12:27:06,4609656","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 66.048, Length: 4.096"
"12:27:06,4629981","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:06,4632794","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:06,4634838","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:06,4638052","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:06,4641667","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:06,4682682","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 55.808, Length: 4.096"
"12:27:06,4686647","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 63.488, Length: 4.096"
"12:27:06,4815051","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\disk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,5095721","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:06,5100507","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:06,5102952","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:06,5105354","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:06,5107323","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:06,5108970","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:06,5111003","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:06,5154075","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\disk.sys.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Synchronous"
"12:27:06,5158866","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\disk.sys.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,5195972","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\disk.sys.mui","SUCCESS","Offset: 184, Length: 2.376"
"12:27:06,5214846","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\disk.sys.mui","SUCCESS","Offset: 0, Length: 2.560"
"12:27:06,5220855","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.306.642, Length: 11.178"
"12:27:06,5247721","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,5252572","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\disk.sys.mui","NO SUCH FILE","Filter: disk.sys.mui"
"12:27:06,5255423","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:06,5271857","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,5275846","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\disk.sys.mui","SUCCESS","Filter: disk.sys.mui, 1: disk.sys.mui"
"12:27:06,5279853","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:06,5307181","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,5312788","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:06,5314803","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:06,5321213","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,5326424","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:06,5330795","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:06,5361332","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,5364924","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:06,5366561","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:06,5372934","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,5376545","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:06,5379782","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:06,5393381","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,5397005","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:06,5400210","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:06,6228597","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:06,6232964","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:06,6235399","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:06,6237787","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:06,6239434","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:06,6241393","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:06,6243418","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:06,6277132","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:06,6281900","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,6303163","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:06,6338379","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,6344798","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.963.526, Length: 16.200"
"12:27:06,6366868","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,6371626","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\CLASSPNP.SYS","NO SUCH FILE","Filter: CLASSPNP.SYS"
"12:27:06,6374472","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:06,6390142","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,6394126","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\CLASSPNP.SYS","SUCCESS","Filter: CLASSPNP.SYS, 1: Classpnp.sys"
"12:27:06,6398123","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:06,6426561","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,6434627","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:06,6437030","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:06,6445058","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,6449093","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:06,6453128","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:06,6482359","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,6485588","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:06,6487211","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:06,6493247","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,6496854","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:06,6500469","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:06,6514081","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,6517687","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:06,6520902","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:06,6554979","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 157.804, Length: 4.096"
"12:27:06,6559434","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 155.648, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,6575328","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:06,6605800","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,6647962","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 172.032, Length: 7.040"
"12:27:06,6651545","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 172.032, Length: 7.040, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,6665974","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 150.528, Length: 4.096"
"12:27:06,6669939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 147.456, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,6696133","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 157.696, Length: 4.096"
"12:27:06,6701754","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 92.672, Length: 4.096"
"12:27:06,6721417","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 161.792, Length: 4.096"
"12:27:06,6726572","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 163.840, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,6750667","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:06,6761928","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,6772765","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:06,6794392","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 130.560, Length: 4.096"
"12:27:06,6797620","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 131.072, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,6826846","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:06,6835285","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 176.128, Length: 2.944"
"12:27:06,6841676","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:06,6892240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,6897451","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 4.096, Length: 57.744"
"12:27:06,6900306","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 61.840, Length: 61.440"
"12:27:06,6903520","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 123.280, Length: 48.752"
"12:27:06,7083202","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 173.419, Length: 4.096"
"12:27:06,7161079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 157.804, Length: 4.096"
"12:27:06,7163855","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,7171091","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 103.424, Length: 4.096"
"12:27:06,7175065","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 157.804, Length: 4.096"
"12:27:06,7179530","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,7185081","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:06,7190287","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:06,7195181","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:06,7200391","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:06,7205593","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:06,7210799","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:06,7216005","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:06,7221202","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:06,7228008","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:06,7234105","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:06,7240114","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:06,7245703","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:06,7250913","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:06,7256119","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:06,7261316","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:06,7267731","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:06,7273809","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:06,7279365","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:06,7284245","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:06,7289446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:06,7294648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:06,7299854","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:06,7305046","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:06,7309930","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:06,7315122","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:06,7320319","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:06,7328385","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:06,7333997","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:06,7339203","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:06,7344409","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:06,7349975","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:06,7354859","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:06,7360051","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:06,7365248","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:06,7370440","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:06,7375310","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:06,7381557","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:06,7391167","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:06,7400277","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:06,7405857","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:06,7411483","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:06,7416698","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:06,7421895","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 176.128, Length: 2.944"
"12:27:06,7443410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 157.804, Length: 4.096"
"12:27:06,7449031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,7453836","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:06,7458263","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:06,7462676","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:06,7467080","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:06,7471489","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:06,7475575","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:06,7479979","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:06,7484383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:06,7488796","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:06,7493199","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:06,7497608","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:06,7502021","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:06,7506425","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:06,7510824","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:06,7515223","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:06,7519314","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:06,7524478","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:06,7528905","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:06,7533314","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:06,7537722","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:06,7542135","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:06,7546548","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:06,7550961","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:06,7555361","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:06,7559755","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:06,7563846","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:06,7568255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:06,7572644","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:06,7577053","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:06,7581457","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:06,7585865","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:06,7590264","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:06,7594658","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:06,7598745","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:06,7603139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:06,7607548","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:06,7611947","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:06,7616346","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:06,7620754","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:06,7626021","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:06,7630756","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:06,7634847","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:06,7639251","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 176.128, Length: 2.944"
"12:27:06,7658854","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 157.804, Length: 4.096"
"12:27:06,7665338","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:06,7740104","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:06,7745371","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:06,7870561","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Classpnp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,8507627","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:06,8511312","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:06,8513724","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:06,8516103","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:06,8518062","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:06,8519705","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:06,8521724","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:06,8558195","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:06,8562627","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,8580312","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:06,8610756","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,8617091","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.212.520, Length: 16.200"
"12:27:06,8640192","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,8646989","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\cdrom.sys","NO SUCH FILE","Filter: cdrom.sys"
"12:27:06,8650576","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:06,8669484","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,8673468","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Filter: cdrom.sys, 1: cdrom.sys"
"12:27:06,8677130","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:06,8703221","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,8708782","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:06,8710792","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:06,8716857","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,8720467","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:06,8724843","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:06,8751336","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,8754555","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:06,8756500","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:06,8762527","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,8765793","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:06,8769338","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:06,8782227","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,8785829","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:06,8789034","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:06,8814705","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 50.660, Length: 4.096"
"12:27:06,8820322","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:06,8856569","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,8870163","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 92.242, Length: 4.096"
"12:27:06,8879842","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:27:06,8888580","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 92.242, Length: 4.096"
"12:27:06,8906260","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,8911537","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 139.776, Length: 4.096"
"12:27:06,8915082","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 139.264, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,8931573","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 55.808, Length: 4.096"
"12:27:06,8945558","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:06,8966831","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,8971281","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 50.176, Length: 4.096"
"12:27:06,9026655","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,9033871","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:06,9037081","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 50.660, Length: 4.096"
"12:27:06,9041891","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,9047451","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:06,9052667","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:06,9057957","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:06,9063490","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:06,9068378","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:06,9073589","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:06,9078791","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:06,9083992","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:06,9089198","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:06,9094414","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:06,9099615","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:06,9104821","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:06,9109706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:06,9114902","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:06,9120141","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:06,9126929","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:06,9132154","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:06,9137364","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:06,9142561","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:06,9147758","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:06,9152642","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:06,9157839","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:06,9163036","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:06,9168247","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:06,9173444","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:06,9178640","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:06,9183520","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:06,9188717","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:06,9193923","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:06,9199120","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:06,9204307","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:06,9209191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:06,9214388","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:06,9219585","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:06,9226013","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:06,9241651","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 50.660, Length: 4.096"
"12:27:06,9246106","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,9250864","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:06,9255272","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:06,9259685","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:06,9264085","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:06,9268190","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:06,9272603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:06,9277748","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:06,9282157","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:06,9286565","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:06,9290978","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:06,9295387","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:06,9300192","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:06,9304609","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:06,9308696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:06,9313100","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:06,9317508","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:06,9321921","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:06,9327519","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:06,9331946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:06,9336355","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:06,9340768","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:06,9345181","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:06,9349589","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:06,9354007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:06,9358411","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:06,9362829","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:06,9367237","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:06,9371636","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:06,9376040","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:06,9380444","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:06,9384847","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:06,9389260","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:06,9393347","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:06,9397746","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:06,9402154","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:06,9419392","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 50.660, Length: 4.096"
"12:27:06,9489992","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 54.756, Length: 4.096"
"12:27:06,9493593","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 58.852, Length: 4.096"
"12:27:06,9613176","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\cdrom.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:06,9877658","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:06,9881716","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:06,9884152","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:06,9886526","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:06,9888499","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:06,9890146","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:06,9892157","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:06,9925418","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\cdrom.sys.mui","SUCCESS","Offset: 0, Length: 2.048, I/O Flags: Synchronous"
"12:27:06,9930242","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\cdrom.sys.mui","SUCCESS","Offset: 0, Length: 2.048, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:06,9947829","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\cdrom.sys.mui","SUCCESS","Offset: 184, Length: 1.864"
"12:27:06,9965560","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\cdrom.sys.mui","SUCCESS","Offset: 0, Length: 2.048"
"12:27:06,9971140","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.666.392, Length: 16.200"
"12:27:06,9990817","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:06,9995235","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\cdrom.sys.mui","NO SUCH FILE","Filter: cdrom.sys.mui"
"12:27:06,9998071","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:07,0014048","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:07,0017678","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\cdrom.sys.mui","SUCCESS","Filter: cdrom.sys.mui, 1: cdrom.sys.mui"
"12:27:07,0021312","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:07,0048588","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:07,0053822","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:07,0055833","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:07,0062229","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:07,0065858","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:07,0069417","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:07,0098690","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:07,0101937","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:07,0103570","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:07,0109602","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:07,0113208","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:07,0116762","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:07,0133197","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:07,0136827","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:07,0140041","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:07,0631349","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:07,0634895","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:07,0638155","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:07,0641719","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:07,0644136","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:07,0646175","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:07,0648171","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:07,0650532","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:07,0652594","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:07,0654600","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:07,0656568","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:07,0658229","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:07,0660240","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:07,0662586","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:07,0664564","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:07,0666215","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:07,0668175","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:07,0670199","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:07,0672658","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:07,0674664","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:07,0993610","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:07,0997617","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:07,1000047","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:07,1002100","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:07,1004059","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:07,1005697","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:07,1007703","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:07,1042210","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:07,1046982","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:07,1081708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:07,1110407","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:07,1116402","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 385.134, Length: 16.200"
"12:27:07,1138859","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:07,1143296","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\savonaccess.sys","NO SUCH FILE","Filter: savonaccess.sys"
"12:27:07,1146454","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:07,1162100","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:07,1165744","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Filter: savonaccess.sys, 1: savonaccess.sys"
"12:27:07,1169723","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:07,1197461","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:07,1202709","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:07,1204715","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:07,1211106","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:07,1214726","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:07,1217945","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:07,1284449","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:07,1288461","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:07,1290444","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:07,1297269","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:07,1301262","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:07,1304919","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:07,1318961","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:07,1323374","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:07,1327348","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:07,1357442","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 128.008, Length: 4.096"
"12:27:07,1360689","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 131.072, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:07,1376051","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:07,1406509","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:07,1448228","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 136.192, Length: 8.480"
"12:27:07,1451503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 135.168, Length: 9.504, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:07,1467933","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 128.000, Length: 4.096"
"12:27:07,1471940","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 132.096, Length: 4.096"
"12:27:07,1475565","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 130.048, Length: 4.096"
"12:27:07,1478774","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:07,1520041","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 136.192, Length: 4.096"
"12:27:07,1525326","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 134.144, Length: 4.096"
"12:27:07,1533747","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:07,1550550","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 136.192, Length: 4.096"
"12:27:07,1573474","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 140.288, Length: 4.384"
"12:27:07,1577831","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:07,1623571","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:07,1629211","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 4.096, Length: 57.744"
"12:27:07,1632374","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 61.840, Length: 61.440"
"12:27:07,1635598","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 123.280, Length: 12.912"
"12:27:07,1818993","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 128.008, Length: 4.096"
"12:27:07,1821736","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:07,1829396","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 121.856, Length: 4.096"
"12:27:07,1833039","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 128.008, Length: 4.096"
"12:27:07,1866683","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 136.192, Length: 4.096"
"12:27:07,1884405","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,1887260","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,1889276","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976170, endtime: 976170, seqnum: 0, connid: 0"
"12:27:07,1909545","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,1912003","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,1913566","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,1915190","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976170, endtime: 976170, seqnum: 0, connid: 0"
"12:27:07,1938491","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:07,1961098","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.516.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,1964247","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.516.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,1965875","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.516.419, Length: 2.920"
"12:27:07,1969462","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.519.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2004277","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.519.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2007057","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.519.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2008681","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.519.339, Length: 4.380"
"12:27:07,2011881","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.523.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2051254","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\savonaccess.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:07,2203048","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,2205852","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,2207858","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976170, endtime: 976170, seqnum: 0, connid: 0"
"12:27:07,2220332","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,2221969","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,2223532","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,2225174","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976170, endtime: 976170, seqnum: 0, connid: 0"
"12:27:07,2267868","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.523.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2270350","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.523.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2272281","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.523.719, Length: 2.920"
"12:27:07,2274763","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.526.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2369211","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.526.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2372000","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.526.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2373960","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.526.639, Length: 4.380"
"12:27:07,2376782","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.531.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2524168","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,2526962","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,2528968","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976170, endtime: 976170, seqnum: 0, connid: 0"
"12:27:07,2542618","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,2544582","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,2545440","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,2547008","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976170, endtime: 976170, seqnum: 0, connid: 0"
"12:27:07,2631799","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.531.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2634271","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.531.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2636231","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.531.019, Length: 2.920"
"12:27:07,2639095","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.533.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2670108","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.533.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2672907","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.533.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2674544","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.533.939, Length: 2.920"
"12:27:07,2677735","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.536.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2709779","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.536.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2713763","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.536.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2715746","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.536.859, Length: 1.460"
"12:27:07,2718610","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.538.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2840544","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,2843389","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976171, endtime: 976171, seqnum: 0, connid: 0"
"12:27:07,2857832","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,2859791","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,2860668","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,2861839","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,2863090","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976171, endtime: 976171, seqnum: 0, connid: 0"
"12:27:07,2896342","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.538.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2899136","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.538.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2900764","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.538.319, Length: 1.460"
"12:27:07,2903960","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.539.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2940515","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.539.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2943328","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.539.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,2944965","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.539.779, Length: 5.840"
"12:27:07,2948170","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.545.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3209984","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3212801","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3214798","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976171, endtime: 976171, seqnum: 0, connid: 0"
"12:27:07,3229609","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3231233","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3232408","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3233257","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3234820","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976171, endtime: 976171, seqnum: 0, connid: 0"
"12:27:07,3278540","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.545.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3281027","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.545.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3282967","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.545.619, Length: 2.920"
"12:27:07,3286196","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.548.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3407318","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.548.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3410163","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.548.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3412123","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.548.539, Length: 5.840"
"12:27:07,3415365","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.554.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3535829","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3538647","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3540653","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976171, endtime: 976171, seqnum: 0, connid: 0"
"12:27:07,3554652","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3556285","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3557461","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3558300","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3559868","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976171, endtime: 976171, seqnum: 0, connid: 0"
"12:27:07,3597622","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.554.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3600383","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.554.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3602035","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.554.379, Length: 2.920"
"12:27:07,3605230","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.557.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3643749","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.557.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3646175","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.557.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3647808","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.557.299, Length: 5.840"
"12:27:07,3650999","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.563.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3857304","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3860098","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3862099","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976172, endtime: 976172, seqnum: 0, connid: 0"
"12:27:07,3876537","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3878179","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3879346","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3880195","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,3881753","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976172, endtime: 976172, seqnum: 0, connid: 0"
"12:27:07,3940023","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.563.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3942808","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.563.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3944436","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.563.139, Length: 2.920"
"12:27:07,3947637","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.566.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3972828","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.566.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3975990","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.568.384, EndOfFile: 407.566.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,3983245","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.566.059, Length: 4.380, Priority: Normal"
"12:27:07,4001662","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.570.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,4006117","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.570.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,4008090","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.570.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,4009690","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.570.439, Length: 1.460"
"12:27:07,4011720","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.571.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,4187931","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,4190739","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,4192750","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976172, endtime: 976172, seqnum: 0, connid: 0"
"12:27:07,4206829","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,4208793","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,4209646","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,4210817","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,4212385","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976172, endtime: 976172, seqnum: 0, connid: 0"
"12:27:07,4248818","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.571.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,4251622","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.571.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,4253236","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.571.899, Length: 2.920"
"12:27:07,4256068","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.574.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,4354247","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.574.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,4356682","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.574.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,4358637","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.574.819, Length: 5.840"
"12:27:07,4361809","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.580.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,4515773","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,4518581","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,4520596","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976172, endtime: 976172, seqnum: 0, connid: 0"
"12:27:07,4544285","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,4546263","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,4547439","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:07,4548703","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976172, endtime: 976172, seqnum: 0, connid: 0"
"12:27:07,4618636","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.580.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,4621472","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.580.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,4624654","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.580.659, Length: 2.920"
"12:27:07,4628246","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.583.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,4633923","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:07,4636722","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:07,4639073","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:07,4642320","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:07,4645926","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:07,4668500","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.583.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,4671323","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.583.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:07,4672974","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.583.579, Length: 4.380"
"12:27:07,4676911","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.587.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,1521604","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:65454 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 44, seqnum: 0, connid: 0"
"12:27:08,1634842","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:64134 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:27:08,1653740","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:64134 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 125, seqnum: 0, connid: 0"
"12:27:08,1694974","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:57468 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:27:08,1697637","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Error3725.wohnheim.uni-kl.de:63676","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:27:08,1706557","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:64452 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 45, seqnum: 0, connid: 0"
"12:27:08,1715831","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:60844 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:27:08,1724587","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:49888 -> 224.0.0.252:llmnr","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:27:08,1725002","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:65454 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 366, seqnum: 0, connid: 0"
"12:27:08,1728179","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:57468 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 321, seqnum: 0, connid: 0"
"12:27:08,1853481","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:64452 -> minnehaha.rhrk.uni-kl.de:domain","SUCCESS","Length: 361, seqnum: 0, connid: 0"
"12:27:08,2160998","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2164184","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2166185","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976180, endtime: 976180, seqnum: 0, connid: 0"
"12:27:08,2180684","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2182615","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2183478","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2184659","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2185909","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976180, endtime: 976180, seqnum: 0, connid: 0"
"12:27:08,2251415","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.587.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2254256","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.587.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2256229","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.587.959, Length: 2.920"
"12:27:08,2259812","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.590.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2356233","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.590.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2359050","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.590.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2360678","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.590.879, Length: 5.840"
"12:27:08,2363893","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.596.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2482785","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2485607","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2487613","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976180, endtime: 976180, seqnum: 0, connid: 0"
"12:27:08,2500036","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2501664","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2502830","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2504076","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976180, endtime: 976180, seqnum: 0, connid: 0"
"12:27:08,2545879","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.596.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2548692","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.596.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2550647","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.596.719, Length: 2.920"
"12:27:08,2553865","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.599.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2679340","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.599.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2682890","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.599.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2685297","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.599.639, Length: 4.380"
"12:27:08,2689314","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.604.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2732558","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Error3725.wohnheim.uni-kl.de:63676","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:27:08,2743428","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:49888 -> 224.0.0.252:llmnr","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:27:08,2801740","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2804553","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2806559","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976181, endtime: 976181, seqnum: 0, connid: 0"
"12:27:08,2820610","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2822247","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2823446","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2824650","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,2826250","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976181, endtime: 976181, seqnum: 0, connid: 0"
"12:27:08,2868137","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.604.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2871295","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.604.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2872947","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.604.019, Length: 2.920"
"12:27:08,2876156","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.606.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2913672","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.606.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2916891","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.606.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,2918514","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.606.939, Length: 5.840"
"12:27:08,2922890","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.612.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,3138880","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3141305","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3143302","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976181, endtime: 976181, seqnum: 0, connid: 0"
"12:27:08,3160950","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3162597","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3163767","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3164938","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3165787","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3167779","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3169006","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976181, endtime: 976181, seqnum: 0, connid: 0"
"12:27:08,3196618","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.612.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,3199408","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.612.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,3201381","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.612.779, Length: 2.920"
"12:27:08,3207157","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.615.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,3250891","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.615.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,3254128","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.615.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,3256573","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.615.699, Length: 8.760"
"12:27:08,3260939","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.624.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,3285832","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:27:08,3291430","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:27:08,3295908","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:27:08,3300643","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:27:08,3304660","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:27:08,3317680","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:08,3322102","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:08,3334143","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:08,3338579","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:08,3342619","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:08,3346202","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:08,3349845","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:08,3353045","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:08,3356665","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:08,3359809","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:08,3362702","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:08,3366233","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3369051","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:08,3372675","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:08,3375904","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:08,3379482","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:08,3383102","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:08,3386335","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:08,3389922","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:08,3392744","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:08,3396322","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:08,3399145","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:08,3401972","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:08,3409244","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3411582","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:08,3413615","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3420818","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3446536","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:08,3449377","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3451761","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:08,3454542","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3456589","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3458927","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:08,3460998","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3461520","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3463013","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:08,3465383","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3467380","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:08,3469437","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3469871","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:08,3471807","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:08,3473113","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:08,3475837","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3478226","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:08,3481832","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3483866","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:08,3486263","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3488279","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3490285","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:08,3491596","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:08,3492659","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3494670","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:08,3496722","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3498700","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:08,3503323","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3506981","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:08,3514823","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3517999","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976181, endtime: 976181, seqnum: 0, connid: 0"
"12:27:08,3518181","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3521013","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:08,3526606","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3528995","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:08,3531789","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3533819","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3541544","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:08,3544291","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3544823","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3546703","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3547216","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:08,3548299","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3549913","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3551499","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3551923","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3554685","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3556691","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976181, endtime: 976181, seqnum: 0, connid: 0"
"12:27:08,3559075","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: ANCI"
"12:27:08,3561081","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3561459","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:08,3565974","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:08,3568321","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3569552","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3573126","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:08,3575570","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:08,3577156","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,3585036","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3588264","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:08,3591198","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3591828","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3594207","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:27:08,3595653","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:08,3596637","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3599231","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,3612461","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3616888","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:08,3618465","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3620074","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,3621688","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:08,3625682","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3627753","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:08,3630897","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3632940","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3634956","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:08,3636574","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3638170","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,3640549","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:08,3641365","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:08,3642970","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3644598","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,3644995","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:08,3647761","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:08,3649786","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:08,3675093","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3680640","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: ANCI"
"12:27:08,3682319","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:08,3706736","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3711149","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: DNCI"
"12:27:08,3712787","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:08,3735267","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3739662","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:08,3741299","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:08,3763327","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3767348","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,3768981","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,3790202","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3794228","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,3795852","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:08,3817516","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3821518","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:08,3823520","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:08,3843896","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3844377","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3846705","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3848263","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:27:08,3848403","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:08,3849910","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 976182, endtime: 976182, seqnum: 0, connid: 0"
"12:27:08,3850026","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:08,3869125","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3870762","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3871928","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3872777","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3873944","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,3875950","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:27:08,3877176","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 976182, endtime: 976182, seqnum: 0, connid: 0"
"12:27:08,3881263","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3886931","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:08,3889352","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,3915765","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3920225","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:08,3924186","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,3948658","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3953071","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:08,3954713","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:08,3960741","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3965513","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,3972338","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,3977940","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:08,3979965","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,3994464","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4000813","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:08,4003257","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:08,4012280","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:08,4015139","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7500000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:08,4017971","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:08,4030011","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4036398","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:08,4038814","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:08,4055599","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:08,4094752","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4100000","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: ANCI"
"12:27:08,4102006","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:08,4108756","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4113235","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:08,4117228","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,4135407","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4142666","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:08,4147863","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,4169775","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4175820","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:08,4180565","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,4197825","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4202616","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:08,4205499","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,4238359","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,4241154","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,4242390","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:27:08,4244335","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 976182, endtime: 976182, seqnum: 0, connid: 0"
"12:27:08,4256315","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4261904","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: ANCI"
"12:27:08,4264343","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:08,4265608","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,4267236","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,4268411","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,4269251","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,4270413","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,4272419","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:27:08,4273641","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 976182, endtime: 976182, seqnum: 0, connid: 0"
"12:27:08,4283633","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,4284916","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:08,4286470","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976182, endtime: 976182, seqnum: 0, connid: 0"
"12:27:08,4304906","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4310168","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: DNCI"
"12:27:08,4312169","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:08,4338260","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4342673","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:08,4344647","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:08,4367123","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4371163","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,4372795","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,4394385","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4398429","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,4400072","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:08,4422100","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4426480","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:08,4428108","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:08,4449423","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4453826","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:08,4455767","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:08,4477464","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4481476","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:08,4483095","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,4504311","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4507996","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:08,4509928","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,4533593","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4537638","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:08,4539252","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:08,4544896","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4549310","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,4556111","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4561704","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:08,4563706","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,4577384","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4583345","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:08,4585781","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:08,4594411","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:08,4597289","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7500000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:08,4600433","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:08,4619704","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:27:08,4635360","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:08,4637800","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:08,4639801","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:08,4642628","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:08,4646197","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:08,4660122","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4665720","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: ANCI"
"12:27:08,4667712","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:08,4674961","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4680191","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:08,4684198","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,4697843","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4702587","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:08,4705853","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,4718705","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4724308","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:08,4727527","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,4741540","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4746728","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:08,4749937","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,4772866","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4777633","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: ANCI"
"12:27:08,4779266","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:08,4800879","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4804928","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: DNCI"
"12:27:08,4806547","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:08,4829382","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4833445","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:08,4835073","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:08,4856733","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4861076","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,4862700","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,4884812","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4889206","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,4891179","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:08,4912862","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4916874","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:08,4918498","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:08,4940549","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4944556","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:08,4946180","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:08,4967014","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4970666","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:08,4972285","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,4993091","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,4997080","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:08,4998698","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,5019532","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5025181","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:08,5026824","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:08,5032440","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5036853","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,5043291","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5048884","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:08,5050876","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,5064484","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5069728","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:08,5073334","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:08,5075769","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:08,5084851","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,5087702","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:08,5092847","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:08,5302427","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:08,5348960","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5354148","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: DNCI"
"12:27:08,5356135","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:08,5362587","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5367387","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:08,5371390","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,5387885","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5392653","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:08,5395890","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,5409535","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5413963","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:08,5417517","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,5431596","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5435995","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:08,5439182","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,5461373","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:08,5461667","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5465417","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,5466476","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: DNCI"
"12:27:08,5468142","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:08,5469205","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:08,5473987","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:08,5476366","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:08,5478382","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:08,5480434","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:08,5489755","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5493785","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: DNCI"
"12:27:08,5495404","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:08,5515305","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\null.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:08,5516266","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5520110","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\null.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:08,5520287","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:08,5522293","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:08,5537641","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\null.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:08,5544732","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5548730","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,5550348","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,5556100","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\null.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,5561689","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.941.144, Length: 16.200"
"12:27:08,5565706","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.937.408, Length: 12.288, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:08,5571220","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5575600","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,5577224","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:08,5597670","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,5598911","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5602503","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\Null.SYS","NO SUCH FILE","Filter: Null.SYS"
"12:27:08,5602923","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:08,5604546","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:08,5605703","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:08,5622185","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,5626570","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5626598","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\Null.SYS","SUCCESS","Filter: Null.SYS, 1: null.sys"
"12:27:08,5630591","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:08,5634981","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:08,5637397","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:08,5657438","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,5662686","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:08,5664706","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:08,5667081","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5671503","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,5671886","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:08,5673850","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,5675156","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:08,5678715","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:08,5697161","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5701205","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:08,5703160","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,5706024","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,5709588","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:08,5711226","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:08,5717295","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,5721265","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:08,5725692","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:08,5730012","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5734439","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:08,5736076","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:08,5739733","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,5743265","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5743680","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:08,5746918","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:08,5748074","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,5754913","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5760507","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:08,5762513","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,5772248","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\null.sys","SUCCESS","Offset: 4.096, Length: 2.048"
"12:27:08,5776232","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5779036","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\null.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:08,5781802","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:27:08,5784238","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:27:08,5793325","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:27:08,5796278","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\null.sys","SUCCESS","Offset: 4.320, Length: 1.824"
"12:27:08,5799716","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:27:08,5804129","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:27:08,5806569","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:08,5813100","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\null.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,5815358","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5821404","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:08,5825429","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:08,5841472","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:08,5855090","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:08,5861042","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\null.sys","SUCCESS","Offset: 4.096, Length: 2.048"
"12:27:08,5865073","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\null.sys","SUCCESS","Offset: 1.536, Length: 4.096"
"12:27:08,5876707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\null.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,5892741","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5897541","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:08,5899216","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:08,5905238","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5910001","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:08,5913659","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,5928087","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5932515","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:08,5936083","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,5938504","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\null.sys","SUCCESS","Offset: 4.096, Length: 2.048"
"12:27:08,5941247","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\null.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,5949304","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5953362","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:08,5956544","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,5969415","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,5973790","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:08,5976641","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,5998300","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6002294","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:08,6003917","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:08,6025180","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6029215","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:08,6031151","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:08,6048715","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\null.sys","SUCCESS","Offset: 5.632, Length: 512"
"12:27:08,6054458","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6058470","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,6060102","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,6080931","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6084939","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,6086548","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:08,6107424","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6111417","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:08,6113036","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:08,6114897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\null.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,6142220","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6147823","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:08,6149829","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:08,6173485","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6177861","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:08,6179503","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,6201111","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6205151","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:08,6206775","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,6230874","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6235231","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:08,6236859","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:08,6246058","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6250509","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,6257296","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6262577","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:08,6264588","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,6278205","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6283439","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:27:08,6286191","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:27:08,6294896","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:27:08,6300555","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:08,6322611","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:27:08,6415253","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:08,6440888","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6445361","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: DNCI"
"12:27:08,6447363","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:08,6453772","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6458596","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:08,6462981","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,6476612","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6481053","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:08,6484655","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,6497922","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6502354","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:08,6505558","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,6519521","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6524755","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:08,6527964","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,6553258","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:08,6576112","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6580147","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: DNCI"
"12:27:08,6581766","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:08,6602600","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6606336","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:08,6606621","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:08,6608244","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:08,6610740","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,6613185","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:08,6615568","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:08,6617215","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:08,6619174","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:08,6621208","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:08,6633477","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6640708","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,6642728","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,6657255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\beep.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:08,6661691","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\beep.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:08,6668773","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6672841","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,6674791","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:08,6696576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\beep.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:08,6697705","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6701731","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:08,6703350","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:08,6715008","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\beep.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,6720615","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.219.972, Length: 16.200"
"12:27:08,6726194","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6730556","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:08,6732179","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:08,6744705","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,6749165","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\Beep.SYS","NO SUCH FILE","Filter: Beep.SYS"
"12:27:08,6752332","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:08,6754250","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6758285","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:08,6759908","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,6769621","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,6773637","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\Beep.SYS","SUCCESS","Filter: Beep.SYS, 1: beep.sys"
"12:27:08,6777971","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:08,6783159","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6787180","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:08,6788799","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,6809436","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,6817521","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:08,6819900","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:08,6822811","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6828064","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:08,6829916","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,6830387","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:08,6833942","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:08,6836820","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6837991","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:08,6841686","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,6848921","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,6854533","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:08,6856548","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,6869242","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,6872185","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:27:08,6872489","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:08,6874425","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:08,6880456","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,6884067","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:08,6887305","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:08,6900553","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,6907770","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:08,6911357","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:08,6938638","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\beep.sys","SUCCESS","Offset: 4.708, Length: 1.948"
"12:27:08,6943863","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\beep.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:08,6954443","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:08,6957648","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:08,6967179","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,6969600","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,6971984","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:08,6973150","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\beep.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,6981239","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:08,6983646","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:08,6986063","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:27:08,7009756","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:08,7013665","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\beep.sys","SUCCESS","Offset: 4.608, Length: 2.048"
"12:27:08,7017248","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\beep.sys","SUCCESS","Offset: 3.072, Length: 3.584"
"12:27:08,7036132","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\beep.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,7049675","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7055231","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: ANCI"
"12:27:08,7056901","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:08,7063301","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7068092","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:08,7072081","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,7085716","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7090120","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:08,7093362","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,7099091","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\beep.sys","SUCCESS","Offset: 4.708, Length: 1.948"
"12:27:08,7101526","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\beep.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,7106228","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7109555","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\beep.sys","SUCCESS","Offset: 4.708, Length: 1.948"
"12:27:08,7110613","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:08,7113478","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,7134732","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7141510","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:08,7145540","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,7171272","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7176068","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, FileAttributes: ANCI"
"12:27:08,7178032","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:08,7200088","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7204128","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: DNCI"
"12:27:08,7205747","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:08,7235775","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7241411","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:08,7243426","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:08,7267866","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7271929","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,7273874","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,7282481","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\beep.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,7295180","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7299201","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,7300829","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:08,7322824","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7326906","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:08,7328842","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:08,7351780","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7356156","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:08,7357779","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:08,7378650","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7382634","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:08,7384244","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,7404732","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7408712","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:08,7410321","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,7431575","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7435577","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:08,7437210","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:08,7443191","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7447632","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,7454844","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7460428","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:08,7462438","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,7481350","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7489360","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:08,7493395","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:08,7496162","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:08,7503001","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:08,7506173","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:27:08,7509424","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:08,7511794","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:06, LastWriteTime: 06.10.2013 12:27:06, ChangeTime: 06.10.2013 12:27:06, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:08,7542322","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:08,7583528","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7588799","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: ANCI"
"12:27:08,7590810","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:08,7598498","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7607277","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:08,7612474","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,7639405","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7645068","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:08,7649080","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,7664270","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7668739","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:08,7672270","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,7686372","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7690809","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:08,7693986","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,7718076","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7723259","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: ANCI"
"12:27:08,7725236","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:08,7738494","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:08,7742544","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,7744974","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:08,7747358","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:08,7748146","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7749336","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:08,7750992","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:08,7752503","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: DNCI"
"12:27:08,7753343","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:08,7754150","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:08,7775395","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7779420","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:08,7781044","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:08,7788284","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:08,7793108","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:08,7802671","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7806673","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,7808297","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,7826257","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:08,7832382","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7836408","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,7838032","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:08,7852129","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,7858170","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 810.060, Length: 16.200"
"12:27:08,7859267","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7863260","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:08,7864874","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:08,7879396","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,7883828","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\vga.sys","NO SUCH FILE","Filter: vga.sys"
"12:27:08,7886137","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7887000","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:08,7890154","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:08,7891772","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:08,7903873","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,7907895","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\vga.sys","SUCCESS","Filter: vga.sys, 1: vga.sys"
"12:27:08,7911888","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:08,7913399","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7917080","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:08,7919016","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,7939957","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,7945093","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7945238","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:08,7947248","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:08,7949562","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:08,7951522","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,7954031","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,7957656","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:08,7960884","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:08,7982390","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7987629","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:08,7988100","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,7989639","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:08,7991351","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:08,7993301","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:08,7996072","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,7999371","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,8000868","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,8003364","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:08,8006592","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:08,8009312","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8015292","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:08,8017298","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,8031158","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,8035949","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:08,8039965","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:08,8040581","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8060011","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:08,8064466","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:08,8066901","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:08,8068245","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 25.840, Length: 3.344"
"12:27:08,8073731","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:08,8075195","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:08,8076945","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: ANCI"
"12:27:08,8089778","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:27:08,8095208","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 25.608, Length: 3.576"
"12:27:08,8112543","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,8157878","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 25.600, Length: 3.584"
"12:27:08,8162230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 3.584, Length: 4.096"
"12:27:08,8165944","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:08,8177140","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 27.648, Length: 1.536"
"12:27:08,8185518","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,8189231","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8193621","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: DNCI"
"12:27:08,8195268","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:08,8201262","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8205699","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:08,8209333","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,8222908","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8227335","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:08,8230568","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,8243364","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8247432","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:08,8250665","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,8259719","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 25.840, Length: 3.344"
"12:27:08,8263284","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,8264226","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8268289","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:08,8270948","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 4.608, Length: 4.096"
"12:27:08,8271489","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,8274890","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 25.840, Length: 3.344"
"12:27:08,8295948","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:08,8317248","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8321255","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: DNCI"
"12:27:08,8323630","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:08,8344478","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8348835","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:08,8353635","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:08,8383291","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8388124","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,8389766","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:08,8423517","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8429987","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:08,8431998","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:08,8456844","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8461243","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:08,8462876","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:08,8465922","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vga.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,8484484","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8488505","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:08,8490138","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:08,8511373","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8515371","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:08,8516990","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:08,8539120","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8543100","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:08,8544728","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:08,8565963","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8569970","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:08,8571589","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:08,8577224","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8581637","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,8588425","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8593687","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:08,8595683","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:08,8603283","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: ANCI"
"12:27:08,8614082","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:08,8661987","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:08,8704952","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:08,8706552","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:27:08,8727353","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:08,8735335","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:08,8740564","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:27:08,8936737","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:08,8941962","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:08,8945614","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:08,8948857","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:08,8951642","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:08,8954072","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:08,8956876","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:08,8993780","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:08,8998562","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:08,9014213","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:08,9045100","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,9051123","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 351.114, Length: 16.200"
"12:27:08,9054341","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 352.256, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:08,9084118","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,9088946","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\VIDEOPRT.SYS","NO SUCH FILE","Filter: VIDEOPRT.SYS"
"12:27:08,9091801","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:08,9107434","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,9111418","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\VIDEOPRT.SYS","SUCCESS","Filter: VIDEOPRT.SYS, 1: videoprt.sys"
"12:27:08,9115430","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:08,9141544","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,9147119","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:08,9149130","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:08,9155180","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,9158735","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.624.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9159122","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:08,9161888","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.624.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9162364","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:08,9163544","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.624.459, Length: 1.460"
"12:27:08,9167132","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.625.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9188488","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,9189533","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.625.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9192048","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:08,9192668","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.625.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9193676","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:08,9194553","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.625.919, Length: 2.920"
"12:27:08,9199353","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.628.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9200081","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,9203677","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:08,9206892","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:08,9219781","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:08,9220891","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.628.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9224483","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.633.920, EndOfFile: 407.628.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9224987","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:08,9228150","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.628.839, Length: 5.840, Priority: Normal"
"12:27:08,9228556","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:08,9247356","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","END OF FILE","Offset: 407.633.920, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:08,9251760","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.634.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9254680","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 118.388, Length: 4.096"
"12:27:08,9260278","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:08,9262344","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.634.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9265923","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.634.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9267593","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.634.679, Length: 3.472"
"12:27:08,9270392","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.638.151, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9276722","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 116.232, Length: 4.096"
"12:27:08,9292891","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.638.151, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9293558","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,9295709","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.638.151, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9297341","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.638.151, Length: 5.840"
"12:27:08,9300145","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.643.991, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9318357","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.643.991, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9320358","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.643.991, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9322318","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.643.991, Length: 2.368"
"12:27:08,9329791","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.646.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9336135","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 110.080, Length: 4.096"
"12:27:08,9351707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 114.176, Length: 4.096"
"12:27:08,9355131","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.646.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9358364","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.646.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9361098","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.646.359, Length: 3.472"
"12:27:08,9363981","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.649.831, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9367433","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 118.272, Length: 4.096"
"12:27:08,9371025","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 124.416, Length: 4.096"
"12:27:08,9374990","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 120.320, Length: 4.096"
"12:27:08,9379067","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:08,9386419","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.649.831, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9389685","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.649.831, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9392083","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.649.831, Length: 8.208"
"12:27:08,9395707","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.658.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9415501","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.658.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9418319","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.658.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9420315","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.658.039, Length: 2.920"
"12:27:08,9420367","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 126.976, Length: 2.048"
"12:27:08,9423180","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.660.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:08,9428409","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,9474112","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 30.720, Length: 4.096"
"12:27:08,9504603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 118.388, Length: 4.096"
"12:27:08,9507005","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:08,9513863","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 36.352, Length: 4.096"
"12:27:08,9517053","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 118.388, Length: 4.096"
"12:27:08,9714402","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\videoprt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,0367525","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:09,0371887","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,0374322","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:09,0376701","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:09,0378352","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:09,0380312","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:09,0382336","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:09,0417226","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:09,0422059","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:09,0437332","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:09,0463031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,0469366","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 273.030, Length: 16.200"
"12:27:09,0489855","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,0494319","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\watchdog.sys","NO SUCH FILE","Filter: watchdog.sys"
"12:27:09,0497459","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:09,0513572","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,0517556","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Filter: watchdog.sys, 1: watchdog.sys"
"12:27:09,0522002","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:09,0548881","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,0554470","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:09,0556481","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,0562844","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,0566482","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,0570112","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,0596208","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,0599436","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:09,0601386","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:09,0607413","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,0611014","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,0614224","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,0627869","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,0631489","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:09,0634685","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,0659992","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 38.000, Length: 4.096"
"12:27:09,0665198","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:09,0681610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 37.896, Length: 4.096"
"12:27:09,0698465","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,0740244","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 35.328, Length: 4.096"
"12:27:09,0761097","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 39.424, Length: 3.072"
"12:27:09,0764675","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:09,0789605","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 40.960, Length: 1.536"
"12:27:09,0797610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,0817217","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 19.968, Length: 4.096"
"12:27:09,0869759","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 38.000, Length: 4.096"
"12:27:09,0871853","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,0879014","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 17.408, Length: 4.096"
"12:27:09,0882210","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 38.000, Length: 4.096"
"12:27:09,0976946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 42.096, Length: 400"
"12:27:09,1054395","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\watchdog.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,1132809","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,1136816","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:09,1140427","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:09,1144033","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:09,1146444","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:09,1148842","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,1150853","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:09,1152910","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:09,1155308","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:09,1157314","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:09,1159301","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,1161274","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:09,1163299","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:09,1165342","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:09,1167330","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:09,1169294","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,1170940","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:09,1172942","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:09,1174952","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:09,1176935","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:09,1573880","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:09,1578232","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,1580667","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:09,1583056","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:09,1584712","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:09,1586680","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:09,1588691","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:09,1623193","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:09,1628008","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:09,1630009","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:60844 -> minnetonka.rhrk.uni-kl.de:domain","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:27:09,1649173","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:09,1650008","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:60844 -> minnetonka.rhrk.uni-kl.de:domain","SUCCESS","Length: 365, seqnum: 0, connid: 0"
"12:27:09,1675572","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,1681594","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.930.964, Length: 16.200"
"12:27:09,1703249","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,1707686","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\RDPCDD.sys","NO SUCH FILE","Filter: RDPCDD.sys"
"12:27:09,1710830","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:09,1727745","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,1731734","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Filter: RDPCDD.sys, 1: RDPCDD.sys"
"12:27:09,1735727","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:09,1765793","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,1773364","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:09,1775431","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,1783427","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,1787457","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,1791866","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,1794991","svchost.exe","588","WriteFile","C:\Windows\System32\winevt\Logs\Security.evtx","SUCCESS","Offset: 8.523.776, Length: 512"
"12:27:09,1797842","svchost.exe","588","WriteFile","C:\Windows\System32\winevt\Logs\Security.evtx","SUCCESS","Offset: 8.583.296, Length: 1.520"
"12:27:09,1820779","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,1824801","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:09,1826746","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:09,1832806","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,1836412","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,1839976","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,1853285","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,1857227","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:09,1860423","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,1886159","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 5.732, Length: 1.948"
"12:27:09,1891394","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:09,1908617","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 4.328, Length: 3.352"
"12:27:09,1927496","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,1969584","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 5.632, Length: 2.048"
"12:27:09,1972798","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 2.048, Length: 4.096"
"12:27:09,1978018","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 6.144, Length: 1.536"
"12:27:09,1987217","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,2048623","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 5.732, Length: 1.948"
"12:27:09,2051058","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,2059450","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 5.732, Length: 1.948"
"12:27:09,2226154","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPCDD.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,2556860","svchost.exe","588","WriteFile","C:\Windows\System32\winevt\Logs\System.evtx","SUCCESS","Offset: 11.997.184, Length: 512"
"12:27:09,2559725","svchost.exe","588","WriteFile","C:\Windows\System32\winevt\Logs\System.evtx","SUCCESS","Offset: 12.025.408, Length: 1.064"
"12:27:09,2662467","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,2665294","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,2667309","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976190, endtime: 976190, seqnum: 0, connid: 0"
"12:27:09,2686533","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,2688185","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,2689370","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,2690536","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,2691376","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,2693363","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,2694585","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976190, endtime: 976190, seqnum: 0, connid: 0"
"12:27:09,2760525","svchost.exe","512","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:09,2768885","svchost.exe","512","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,2771320","svchost.exe","512","RegOpenKey","HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\RepositoryRestoreInProgress","NAME NOT FOUND","Desired Access: Read"
"12:27:09,2776983","svchost.exe","512","RegCloseKey","HKLM","SUCCESS",""
"12:27:09,2783229","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.660.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,2786042","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.660.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,2787694","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.660.959, Length: 2.920"
"12:27:09,2790833","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.663.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,2823904","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.663.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,2826679","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.663.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,2828298","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.663.879, Length: 2.920"
"12:27:09,2831102","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.666.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,2873185","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:09,2874995","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.666.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,2877197","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,2877798","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.666.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,2879436","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.666.799, Length: 5.840"
"12:27:09,2879641","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:09,2882015","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:09,2882650","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.672.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,2883672","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:09,2885626","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:09,2887641","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:09,2928983","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:09,2933839","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:09,2969130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:09,2987981","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,2993565","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.306.130, Length: 16.200"
"12:27:09,2999163","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.306.048, Length: 12.288, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:09,3021154","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3024335","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3025571","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:27:09,3027568","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 976191, endtime: 976191, seqnum: 0, connid: 0"
"12:27:09,3043625","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,3048775","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\rdpencdd.sys","NO SUCH FILE","Filter: rdpencdd.sys"
"12:27:09,3051635","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:09,3057293","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3059239","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3060092","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3061259","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3062108","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3064114","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:27:09,3065658","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 976191, endtime: 976191, seqnum: 0, connid: 0"
"12:27:09,3067650","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,3071629","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\rdpencdd.sys","SUCCESS","Filter: rdpencdd.sys, 1: RDPENCDD.sys"
"12:27:09,3077320","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3078916","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3079760","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3081314","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976191, endtime: 976191, seqnum: 0, connid: 0"
"12:27:09,3085069","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:09,3129517","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,3135866","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:09,3137900","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,3144720","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,3148713","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,3152338","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,3154503","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.672.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3157344","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.672.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3158976","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.672.639, Length: 3.472"
"12:27:09,3162517","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.676.111, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3180449","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,3184009","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:09,3185642","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:09,3191692","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,3193824","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.676.111, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3195321","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,3196628","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.676.111, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3198587","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.676.111, Length: 8.208"
"12:27:09,3198895","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,3201862","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.684.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3212176","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,3216118","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:09,3219323","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,3235520","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.684.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3238323","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.684.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3240273","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.684.319, Length: 4.380"
"12:27:09,3243464","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.688.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3246268","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 5.732, Length: 1.948"
"12:27:09,3251824","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:09,3268711","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 4.328, Length: 3.352"
"12:27:09,3285137","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,3328092","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 5.632, Length: 2.048"
"12:27:09,3331311","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 2.048, Length: 4.096"
"12:27:09,3341154","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 6.144, Length: 1.536"
"12:27:09,3351142","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,3352691","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3355494","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3357510","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976191, endtime: 976191, seqnum: 0, connid: 0"
"12:27:09,3377905","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3379164","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3380331","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3381170","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3382323","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3385126","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976191, endtime: 976191, seqnum: 0, connid: 0"
"12:27:09,3388485","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 2920, seqnum: 0, connid: 0"
"12:27:09,3415500","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 5.732, Length: 1.948"
"12:27:09,3418742","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,3432537","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 5.732, Length: 1.948"
"12:27:09,3456333","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.688.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3459127","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.699.456, EndOfFile: 407.688.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3462789","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.688.699, Length: 11.680, Priority: Normal"
"12:27:09,3481603","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.700.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3594622","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPENCDD.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,3676581","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3679394","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3680640","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:27:09,3682599","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 976191, endtime: 976191, seqnum: 0, connid: 0"
"12:27:09,3703848","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3705467","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3706326","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3707487","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3708331","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3710342","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:27:09,3711868","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 976191, endtime: 976191, seqnum: 0, connid: 0"
"12:27:09,3722765","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3724724","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3725578","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,3727127","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976191, endtime: 976191, seqnum: 0, connid: 0"
"12:27:09,3758858","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.700.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3761676","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.700.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3763308","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.700.379, Length: 3.472"
"12:27:09,3766546","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.703.851, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3804155","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.703.851, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3806954","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.703.851, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3808928","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.703.851, Length: 5.840"
"12:27:09,3812146","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.709.691, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3846206","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.709.691, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3849005","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.709.691, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3850647","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.709.691, Length: 2.368"
"12:27:09,3854603","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.712.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3874965","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:09,3880605","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,3885783","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:09,3889385","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.712.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3890224","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:09,3892170","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.712.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3894246","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:09,3896345","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.712.059, Length: 4.380"
"12:27:09,3897026","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,3898659","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:09,3900385","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.716.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,3901430","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:09,3903884","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:09,3905474","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,3907102","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:09,3913876","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:09,4271388","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:09,4275385","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,4277821","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:09,4280204","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:09,4281837","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:09,4283479","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:09,4285807","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:09,4323542","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:09,4327983","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:09,4361674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:09,4365000","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,4367832","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,4369385","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,4370556","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,4371414","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,4373822","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,4375049","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976192, endtime: 976192, seqnum: 0, connid: 0"
"12:27:09,4385218","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,4391264","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.658.642, Length: 16.200"
"12:27:09,4412499","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,4416931","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\rdprefmp.sys","NO SUCH FILE","Filter: rdprefmp.sys"
"12:27:09,4420089","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:09,4437368","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,4441352","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\rdprefmp.sys","SUCCESS","Filter: rdprefmp.sys, 1: RDPREFMP.sys"
"12:27:09,4445345","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:09,4449992","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.716.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,4452805","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.716.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,4454437","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.716.439, Length: 8.760"
"12:27:09,4458048","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.725.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,4471087","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,4476648","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:09,4478663","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,4484718","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,4488343","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,4491552","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,4517602","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,4520816","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:09,4523232","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:09,4529628","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,4533225","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,4536443","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,4549655","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,4553270","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:09,4556153","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,4581778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 5.732, Length: 2.460"
"12:27:09,4587007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:09,4603857","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 4.328, Length: 3.864"
"12:27:09,4620311","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,4632323","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:09,4635127","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:09,4637469","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:09,4640324","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:09,4643934","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:09,4661666","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 5.632, Length: 2.560"
"12:27:09,4664857","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 2.048, Length: 4.096"
"12:27:09,4664946","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,4668150","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976192, endtime: 976192, seqnum: 0, connid: 0"
"12:27:09,4670035","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 6.144, Length: 2.048"
"12:27:09,4676179","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,4678180","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976192, endtime: 976192, seqnum: 0, connid: 0"
"12:27:09,4678843","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,4724686","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.725.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,4733558","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.725.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,4735564","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.725.199, Length: 1.460"
"12:27:09,4738377","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.726.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,4738657","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 5.732, Length: 2.460"
"12:27:09,4741078","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,4753902","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 5.732, Length: 2.460"
"12:27:09,4770109","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.726.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,4772894","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.726.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,4774517","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.726.659, Length: 1.460"
"12:27:09,4776920","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.728.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,4920326","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RDPREFMP.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,4987978","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,4990782","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,4992797","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976193, endtime: 976193, seqnum: 0, connid: 0"
"12:27:09,5002024","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,5004380","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976193, endtime: 976193, seqnum: 0, connid: 0"
"12:27:09,5183847","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.728.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,5187006","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.728.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,5188662","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.728.119, Length: 4.380"
"12:27:09,5192226","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.732.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,5308757","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,5311594","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,5313614","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976193, endtime: 976193, seqnum: 0, connid: 0"
"12:27:09,5390619","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.732.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,5393115","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.732.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,5395489","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.732.499, Length: 2.920"
"12:27:09,5398311","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.735.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,5617870","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:09,5625128","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,5627927","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:09,5630339","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:09,5632308","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:09,5634286","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:09,5636301","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:09,5672030","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:09,5676831","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:09,5695528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:09,5719562","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,5726751","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 44.772, Length: 16.200"
"12:27:09,5751536","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,5757185","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\Msfs.SYS","NO SUCH FILE","Filter: Msfs.SYS"
"12:27:09,5760731","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:09,5778033","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,5782008","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\Msfs.SYS","SUCCESS","Filter: Msfs.SYS, 1: msfs.sys"
"12:27:09,5786001","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:09,5811752","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,5817322","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:09,5819337","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,5826507","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,5830150","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,5833365","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,5861896","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,5865427","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:09,5867060","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:09,5873082","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,5882035","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,5888108","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,5908569","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,5913001","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:09,5916579","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,5946701","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 22.964, Length: 3.148"
"12:27:09,5953101","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:09,5969942","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 22.024, Length: 4.088"
"12:27:09,5986801","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,6026939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 22.016, Length: 4.096"
"12:27:09,6031706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 3.584, Length: 4.096"
"12:27:09,6052638","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 25.088, Length: 1.024"
"12:27:09,6060979","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,6120817","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 22.964, Length: 3.148"
"12:27:09,6123994","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,6131272","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 5.120, Length: 4.096"
"12:27:09,6134434","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 22.964, Length: 3.148"
"12:27:09,6300140","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\msfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,6803386","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:09,6807743","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,6810188","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:09,6812576","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:09,6814540","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:09,6816191","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:09,6818221","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:09,6855517","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:09,6860313","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:09,6881450","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:09,6902858","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,6908890","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.565.654, Length: 16.200"
"12:27:09,6912472","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.568.192, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:09,6943093","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,6947908","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\Npfs.SYS","NO SUCH FILE","Filter: Npfs.SYS"
"12:27:09,6950758","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:09,6966414","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,6970393","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\Npfs.SYS","SUCCESS","Filter: Npfs.SYS, 1: npfs.sys"
"12:27:09,6974055","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:09,7000062","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,7005329","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:09,7007354","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,7013731","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,7017351","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,7020556","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,7047020","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,7050239","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:09,7051862","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:09,7057871","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,7061472","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,7064687","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,7077567","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,7081499","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:09,7084387","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,7109625","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 39.852, Length: 4.096"
"12:27:09,7115218","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:09,7132488","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 38.828, Length: 4.096"
"12:27:09,7149328","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,7189471","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 39.936, Length: 4.096"
"12:27:09,7193865","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 6.656, Length: 4.096"
"12:27:09,7217139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 42.496, Length: 1.536"
"12:27:09,7225554","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,7229967","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 37.888, Length: 4.096"
"12:27:09,7300600","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,7309394","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 8.704, Length: 4.096"
"12:27:09,7312613","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 39.852, Length: 4.096"
"12:27:09,7411268","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 43.948, Length: 84"
"12:27:09,7513208","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npfs.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,8017531","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:09,8023885","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,8026358","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:09,8028760","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:09,8030747","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:09,8032730","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:09,8034755","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:09,8054907","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,8058066","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:09,8060085","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976196, endtime: 976196, seqnum: 0, connid: 0"
"12:27:09,8068893","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:09,8074038","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:09,8091215","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:09,8129123","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,8135150","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 798.882, Length: 16.200"
"12:27:09,8147321","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.735.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,8150143","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.735.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,8151776","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.735.419, Length: 2.920"
"12:27:09,8154976","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.738.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:09,8156810","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,8161605","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\tdx.sys","NO SUCH FILE","Filter: tdx.sys"
"12:27:09,8164451","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:09,8180839","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,8184510","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Filter: tdx.sys, 1: tdx.sys"
"12:27:09,8188518","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:09,8214931","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,8220202","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:09,8222595","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,8231725","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,8238139","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,8243947","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,8278431","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,8282382","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:09,8284038","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:09,8290466","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,8294446","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,8298075","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,8312065","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,8315709","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:09,8319329","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,8350640","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 113.772, Length: 4.096"
"12:27:09,8361076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:09,8382288","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 98.480, Length: 4.096"
"12:27:09,8400388","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,8442900","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 113.664, Length: 4.096"
"12:27:09,8448111","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 99.328, Length: 4.096"
"12:27:09,8473348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 117.760, Length: 1.536"
"12:27:09,8489821","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,8558163","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 113.772, Length: 4.096"
"12:27:09,8561732","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,8568958","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:09,8572172","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 113.772, Length: 4.096"
"12:27:09,8577037","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,8582612","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:09,8587837","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:09,8593430","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:09,8598646","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:09,8603852","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:09,8609058","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:09,8613947","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:09,8619531","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:09,8625138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:09,8631189","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:09,8640528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:09,8646933","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:09,8652512","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:09,8658124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:09,8663326","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:09,8668219","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:09,8673416","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:09,8678632","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:09,8683838","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:09,8689039","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:09,8694236","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:09,8699438","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:09,8704317","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:09,8709509","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:09,8714711","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:09,8719898","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:09,8725538","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:09,8730740","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:09,8735624","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 118.784, Length: 512"
"12:27:09,8750795","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 113.772, Length: 4.096"
"12:27:09,8755628","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,8760059","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:09,8764472","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:09,8768876","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:09,8773280","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:09,8777688","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:09,8782083","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:09,8786169","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:09,8790568","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:09,8794972","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:09,8799371","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:09,8803780","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:09,8808179","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:09,8812583","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:09,8816664","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:09,8821064","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:09,8825840","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:09,8830244","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:09,8834653","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:09,8839052","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:09,8843138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:09,8847542","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:09,8851946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:09,8856345","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:09,8860753","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:09,8865152","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:09,8869566","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:09,8873969","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:09,8878373","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:09,8882455","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 118.784, Length: 512"
"12:27:09,8897238","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 113.772, Length: 4.096"
"12:27:09,8970236","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 118.784, Length: 512"
"12:27:09,9050134","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdx.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,9536147","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:09,9540210","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:09,9542967","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:09,9545029","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:09,9546998","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:09,9548645","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:09,9550982","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:09,9585083","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:09,9589548","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:09,9607298","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:09,9638245","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,9644282","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.680.836, Length: 16.200"
"12:27:09,9665107","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,9670341","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\TDI.SYS","NO SUCH FILE","Filter: TDI.SYS"
"12:27:09,9673182","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:09,9690428","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,9694393","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\TDI.SYS","SUCCESS","Filter: TDI.SYS, 1: tdi.sys"
"12:27:09,9698032","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:09,9730076","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,9739653","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:09,9742088","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,9750471","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,9754875","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,9758924","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,9788183","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,9791430","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:09,9793371","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:09,9799417","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,9803023","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:09,9806255","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:09,9819845","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:09,9825093","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:09,9828694","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:09,9853964","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 23.148, Length: 3.476"
"12:27:09,9859198","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:09,9875293","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 8.240, Length: 4.096"
"12:27:09,9892082","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,9933045","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 20.992, Length: 4.096"
"12:27:09,9950264","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 17.408, Length: 4.096"
"12:27:09,9967907","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 25.088, Length: 1.536"
"12:27:09,9975184","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:09,9998425","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 7.168, Length: 4.096"
"12:27:10,0055399","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 23.148, Length: 3.476"
"12:27:10,0057829","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,0065447","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 18.944, Length: 4.096"
"12:27:10,0068601","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 23.148, Length: 3.476"
"12:27:10,0073425","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,0078682","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:10,0083898","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:10,0089477","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:10,0094678","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:10,0099567","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:10,0104750","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 24.576, Length: 2.048"
"12:27:10,0119599","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 23.148, Length: 3.476"
"12:27:10,0125985","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,0130436","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:10,0134844","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:10,0139252","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:10,0143665","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:10,0148069","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:10,0152478","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 24.576, Length: 2.048"
"12:27:10,0169304","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 23.148, Length: 3.476"
"12:27:10,0327285","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tdi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,0655029","svchost.exe","948","UDP Receive","239.255.255.250:ws-discovery -> buntes091.wohnheim.uni-kl.de:57828","SUCCESS","Length: 658, seqnum: 0, connid: 0"
"12:27:10,0659106","svchost.exe","948","UDP Receive","239.255.255.250:ws-discovery -> buntes091.wohnheim.uni-kl.de:57828","SUCCESS","Length: 658, seqnum: 0, connid: 0"
"12:27:10,0677603","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:10,0681638","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:10,0684026","svchost.exe","948","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001","SUCCESS","Desired Access: Read"
"12:27:10,0687264","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:27:10,0690063","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider Types\Type 001\Name","SUCCESS","Type: REG_SZ, Length: 80, Data: Microsoft Strong Cryptographic Provider"
"12:27:10,0692092","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider Types\Type 001\Name","SUCCESS","Type: REG_SZ, Length: 80, Data: Microsoft Strong Cryptographic Provider"
"12:27:10,0694065","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider Types\Type 001\Name","SUCCESS","Type: REG_SZ, Length: 80, Data: Microsoft Strong Cryptographic Provider"
"12:27:10,0695666","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider Types\Type 001\Name","SUCCESS","Type: REG_SZ, Length: 80, Data: Microsoft Strong Cryptographic Provider"
"12:27:10,0697648","svchost.exe","948","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider Types\Type 001","SUCCESS",""
"12:27:10,0700093","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:10,0702127","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:10,0704091","svchost.exe","948","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider","SUCCESS","Desired Access: Read"
"12:27:10,0706474","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:27:10,0710887","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:10,0712539","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\rsaenh.dll"
"12:27:10,0714144","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\rsaenh.dll"
"12:27:10,0715767","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\rsaenh.dll"
"12:27:10,0717362","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: %SystemRoot%\system32\rsaenh.dll"
"12:27:10,0732860","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:10,0736867","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:10,0739297","svchost.exe","948","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"12:27:10,0742110","svchost.exe","948","RegSetInfoKey","HKLM\SOFTWARE\MICROSOFT\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:10,0744461","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:27:10,0746467","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: deaa1ea2-175e-449e-af27-1655b36bbdf3"
"12:27:10,0748851","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: deaa1ea2-175e-449e-af27-1655b36bbdf3"
"12:27:10,0750899","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: deaa1ea2-175e-449e-af27-1655b36bbdf3"
"12:27:10,0752541","svchost.exe","948","RegQueryValue","HKLM\SOFTWARE\MICROSOFT\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: deaa1ea2-175e-449e-af27-1655b36bbdf3"
"12:27:10,0755294","svchost.exe","948","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Cryptography","SUCCESS",""
"12:27:10,0758102","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:10,0760168","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:10,0762151","svchost.exe","948","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"12:27:10,0764530","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:27:10,0768528","svchost.exe","948","RegCloseKey","HKLM\SOFTWARE\MICROSOFT\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider","SUCCESS",""
"12:27:10,0823421","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:10,0827452","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:10,0829878","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:10,0832243","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:10,0833880","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:10,0835835","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:10,0837841","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:10,0871494","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:10,0877857","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,0894968","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:10,0928953","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,0934961","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 256.020, Length: 16.200"
"12:27:10,0956234","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,0961001","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\afd.sys","NO SUCH FILE","Filter: afd.sys"
"12:27:10,0963838","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:10,0979853","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,0983515","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\afd.sys","SUCCESS","Filter: afd.sys, 1: afd.sys"
"12:27:10,0987489","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:10,1013203","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,1018777","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:10,1020788","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:10,1028000","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,1031643","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:10,1034872","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:10,1060949","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,1064168","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:10,1066113","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:10,1072150","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,1075751","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:10,1078970","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:10,1092209","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,1095825","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:10,1099412","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:10,1124743","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 427.628, Length: 4.096"
"12:27:10,1128316","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 425.984, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,1143030","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:10,1172741","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,1185183","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 493.070, Length: 4.096"
"12:27:10,1188383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 491.520, Length: 7.168, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,1208176","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:27:10,1217744","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 493.070, Length: 4.096"
"12:27:10,1237067","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,1248305","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 433.664, Length: 4.096"
"12:27:10,1251524","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 434.176, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,1266307","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 79.360, Length: 4.096"
"12:27:10,1275082","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 437.760, Length: 4.096"
"12:27:10,1278291","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 438.272, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,1312089","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 441.856, Length: 4.096"
"12:27:10,1315280","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 442.368, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,1347361","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 454.656, Length: 4.096"
"12:27:10,1350963","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 454.656, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,1365447","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,1371013","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 427.520, Length: 4.096"
"12:27:10,1414239","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 81.408, Length: 4.096"
"12:27:10,1417565","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:10,1420779","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:10,1426386","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:10,1429974","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:10,1431998","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:10,1434023","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:10,1435968","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:10,1438786","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:10,1441240","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:10,1442830","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:10,1444449","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:10,1446395","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:10,1451587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 427.628, Length: 4.096"
"12:27:10,1454381","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,1461985","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 111.104, Length: 4.096"
"12:27:10,1465600","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 427.628, Length: 4.096"
"12:27:10,1470452","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,1476041","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:10,1481261","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:10,1486868","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:10,1492877","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:10,1498129","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:10,1503671","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:10,1508938","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:10,1514172","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:10,1519378","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:10,1521007","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:53528 -> minnetonka.rhrk.uni-kl.de:domain","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:27:10,1526581","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:10,1532161","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:10,1537847","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:10,1544845","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:53528 -> minnetonka.rhrk.uni-kl.de:domain","SUCCESS","Length: 365, seqnum: 0, connid: 0"
"12:27:10,1546804","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:10,1552822","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:10,1558779","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:10,1564037","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:10,1569261","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:10,1578815","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:10,1584847","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:10,1590072","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:10,1595278","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:10,1600162","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:10,1605364","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:10,1610575","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:10,1615781","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:10,1620982","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:10,1626631","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:10,1632192","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:10,1637389","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:10,1642287","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:10,1647834","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:10,1653054","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:10,1657938","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:10,1663144","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:10,1668346","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:10,1673557","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:10,1678763","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:10,1683969","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:10,1689175","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:10,1694372","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:10,1699261","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:10,1704458","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:10,1709659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:10,1714865","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:10,1720062","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:10,1725674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:10,1730880","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:10,1735769","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:10,1740966","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:10,1746172","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:10,1751374","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:10,1759682","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:10,1766488","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:10,1772506","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:10,1778906","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:10,1784150","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:10,1789356","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:10,1794557","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:10,1799446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:10,1804648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:10,1810209","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:10,1815093","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:10,1821050","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:10,1828285","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:10,1837331","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:10,1843736","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:10,1848989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:10,1854204","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:10,1859415","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:10,1864621","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:10,1869827","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:10,1875033","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:10,1880239","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:10,1885128","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:10,1890073","svchost.exe","948","UDP Receive","239.255.255.250:ws-discovery -> buntes091.wohnheim.uni-kl.de:57828","SUCCESS","Length: 658, seqnum: 0, connid: 0"
"12:27:10,1890335","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:10,1893717","svchost.exe","948","UDP Receive","239.255.255.250:ws-discovery -> buntes091.wohnheim.uni-kl.de:57828","SUCCESS","Length: 658, seqnum: 0, connid: 0"
"12:27:10,1895536","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:10,1900737","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:10,1905953","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:10,1911164","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:10,1916375","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:10,1921576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:10,1927655","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:10,1932875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:10,1938076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:10,1943278","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:10,1948488","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:10,1953690","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:10,1958901","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:10,1964112","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:10,1969304","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 368.640, Length: 4.096"
"12:27:10,1974193","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 372.736, Length: 4.096"
"12:27:10,1979385","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 376.832, Length: 4.096"
"12:27:10,1984586","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 380.928, Length: 4.096"
"12:27:10,1989788","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 385.024, Length: 4.096"
"12:27:10,1995036","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 389.120, Length: 4.096"
"12:27:10,2000233","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 393.216, Length: 4.096"
"12:27:10,2005448","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 397.312, Length: 4.096"
"12:27:10,2010645","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 401.408, Length: 4.096"
"12:27:10,2015832","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 405.504, Length: 4.096"
"12:27:10,2020726","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 409.600, Length: 4.096"
"12:27:10,2026688","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 413.696, Length: 4.096"
"12:27:10,2031889","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 417.792, Length: 4.096"
"12:27:10,2036774","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 421.888, Length: 4.096"
"12:27:10,2041970","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 425.984, Length: 4.096"
"12:27:10,2047172","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 430.080, Length: 4.096"
"12:27:10,2052373","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 434.176, Length: 4.096"
"12:27:10,2057556","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 438.272, Length: 4.096"
"12:27:10,2062440","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 442.368, Length: 4.096"
"12:27:10,2067642","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 446.464, Length: 4.096"
"12:27:10,2072848","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 450.560, Length: 4.096"
"12:27:10,2078045","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 454.656, Length: 4.096"
"12:27:10,2083237","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 458.752, Length: 4.096"
"12:27:10,2088121","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 462.848, Length: 4.096"
"12:27:10,2093313","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 466.944, Length: 4.096"
"12:27:10,2098519","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 471.040, Length: 4.096"
"12:27:10,2103712","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 475.136, Length: 4.096"
"12:27:10,2108591","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 479.232, Length: 4.096"
"12:27:10,2113774","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 483.328, Length: 4.096"
"12:27:10,2118985","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 487.424, Length: 4.096"
"12:27:10,2127708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 491.520, Length: 4.096"
"12:27:10,2134118","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 495.616, Length: 3.072"
"12:27:10,2152965","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 427.628, Length: 4.096"
"12:27:10,2157826","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,2162584","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:10,2166992","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:10,2171405","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:10,2175814","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:10,2180218","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:10,2184313","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:10,2189034","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:10,2193135","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:10,2197539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:10,2201943","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:10,2206356","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:10,2210764","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:10,2215168","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:10,2219576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:10,2224815","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:10,2229223","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:10,2233632","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:10,2238036","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:10,2242444","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:10,2246857","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:10,2251266","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:10,2255669","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:10,2260073","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:10,2264472","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:10,2268885","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:10,2273284","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:10,2277376","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:10,2281779","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:10,2286188","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:10,2290591","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:10,2295000","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:10,2299408","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:10,2303854","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:10,2308277","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:10,2312676","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:10,2317079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:10,2321492","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:10,2326260","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:10,2330659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:10,2334755","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:10,2339163","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:10,2343563","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:10,2347971","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:10,2352375","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:10,2356783","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:10,2361182","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:10,2365591","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:10,2370004","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:10,2374398","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:10,2378489","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:10,2382884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:10,2387288","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:10,2391691","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:10,2396095","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:10,2400494","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:10,2404893","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:10,2408975","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:10,2413374","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:10,2417778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:10,2422592","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:10,2427369","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:10,2431778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:10,2436172","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:10,2440268","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:10,2444672","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:10,2449076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:10,2453475","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:10,2457883","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:10,2462291","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:10,2466695","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:10,2471104","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:10,2475493","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:10,2479580","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:10,2483979","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:10,2488378","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:10,2492787","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:10,2497195","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:10,2501594","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:10,2505993","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:10,2510397","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:10,2514493","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:10,2518892","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:10,2524467","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:10,2528940","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:10,2533349","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:10,2537752","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:10,2542156","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:10,2546560","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:10,2550964","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:10,2555368","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 368.640, Length: 4.096"
"12:27:10,2559767","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 372.736, Length: 4.096"
"12:27:10,2564170","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 376.832, Length: 4.096"
"12:27:10,2571924","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 380.928, Length: 4.096"
"12:27:10,2580866","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 385.024, Length: 4.096"
"12:27:10,2586880","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 389.120, Length: 4.096"
"12:27:10,2591661","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 393.216, Length: 4.096"
"12:27:10,2596079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 397.312, Length: 4.096"
"12:27:10,2600478","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 401.408, Length: 4.096"
"12:27:10,2604569","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 405.504, Length: 4.096"
"12:27:10,2608982","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 409.600, Length: 4.096"
"12:27:10,2613381","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 413.696, Length: 4.096"
"12:27:10,2617790","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 417.792, Length: 4.096"
"12:27:10,2622973","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 421.888, Length: 4.096"
"12:27:10,2627437","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 425.984, Length: 4.096"
"12:27:10,2631846","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 430.080, Length: 4.096"
"12:27:10,2636245","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 434.176, Length: 4.096"
"12:27:10,2640644","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 438.272, Length: 4.096"
"12:27:10,2645052","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 442.368, Length: 4.096"
"12:27:10,2649461","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 446.464, Length: 4.096"
"12:27:10,2653869","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 450.560, Length: 4.096"
"12:27:10,2658268","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 454.656, Length: 4.096"
"12:27:10,2662667","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 458.752, Length: 4.096"
"12:27:10,2667076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 462.848, Length: 4.096"
"12:27:10,2671167","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 466.944, Length: 4.096"
"12:27:10,2675561","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 471.040, Length: 4.096"
"12:27:10,2679965","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 475.136, Length: 4.096"
"12:27:10,2684369","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 479.232, Length: 4.096"
"12:27:10,2688777","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 483.328, Length: 4.096"
"12:27:10,2693176","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 487.424, Length: 4.096"
"12:27:10,2697580","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 491.520, Length: 4.096"
"12:27:10,2701970","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 495.616, Length: 3.072"
"12:27:10,2722104","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 427.628, Length: 4.096"
"12:27:10,2794281","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 431.724, Length: 4.096"
"12:27:10,2925447","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\afd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,3245540","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:10,3250373","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:10,3253139","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:10,3255542","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:10,3257198","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:10,3259167","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:10,3261182","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:10,3295320","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:10,3299738","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,3317619","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:10,3341840","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,3347844","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.438.944, Length: 16.200"
"12:27:10,3369536","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,3374304","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\afd.sys.mui","NO SUCH FILE","Filter: afd.sys.mui"
"12:27:10,3377149","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:10,3393537","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,3397199","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Filter: afd.sys.mui, 1: afd.sys.mui"
"12:27:10,3401183","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:10,3436343","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,3442413","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:10,3444773","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:10,3451570","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,3455232","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:10,3458857","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:10,3486515","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,3490079","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:10,3491722","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:10,3497767","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,3501387","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:10,3504961","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:10,3518564","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,3522585","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:10,3525869","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:10,3634536","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 14.848, Length: 2.048"
"12:27:10,3643381","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,3728456","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:10,3734427","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:10,3740039","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:10,3745269","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 16.384, Length: 512"
"12:27:10,3758485","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,3768123","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:10,3776268","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:10,3776902","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,3779753","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,3781773","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976202, endtime: 976202, seqnum: 0, connid: 0"
"12:27:10,3782234","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:10,3787021","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 16.384, Length: 512"
"12:27:10,3790160","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,3792129","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976202, endtime: 976202, seqnum: 0, connid: 0"
"12:27:10,3855242","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.738.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,3858442","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.738.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,3860849","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.738.339, Length: 2.920"
"12:27:10,3864861","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.741.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,3867305","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 2.560, Length: 4.096"
"12:27:10,3876131","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 6.656, Length: 4.096"
"12:27:10,3882499","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 10.752, Length: 4.096"
"12:27:10,3907634","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.741.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,3910433","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.741.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,3912388","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.741.259, Length: 1.460"
"12:27:10,3914837","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.742.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,4024786","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\afd.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,4097682","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,4100495","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,4102818","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976202, endtime: 976202, seqnum: 0, connid: 0"
"12:27:10,4181642","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.742.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,4184768","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.742.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,4186424","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.742.719, Length: 2.920"
"12:27:10,4190011","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.745.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,4422058","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,4425589","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,4427609","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976202, endtime: 976202, seqnum: 0, connid: 0"
"12:27:10,4436435","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,4438091","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976202, endtime: 976202, seqnum: 0, connid: 0"
"12:27:10,4487671","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.745.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,4491221","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.745.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,4493609","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.745.639, Length: 2.920"
"12:27:10,4496810","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.748.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,4549879","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.748.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,4552351","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.748.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,4554296","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.748.559, Length: 1.460"
"12:27:10,4557142","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.750.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,4578853","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:10,4582865","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:10,4585743","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:10,4588136","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:10,4590110","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:10,4591747","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:10,4593767","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:10,4630607","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:10,4633392","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:10,4635421","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:10,4639423","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:10,4640011","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:10,4643398","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:10,4645628","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,4663243","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:10,4695170","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,4701575","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.362.156, Length: 16.200"
"12:27:10,4724420","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,4729267","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\netbt.sys","NO SUCH FILE","Filter: netbt.sys"
"12:27:10,4732448","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:10,4748533","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,4752522","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Filter: netbt.sys, 1: netbt.sys"
"12:27:10,4753357","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,4756184","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,4756547","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:10,4758218","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976202, endtime: 976202, seqnum: 0, connid: 0"
"12:27:10,4767436","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,4769040","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976202, endtime: 976202, seqnum: 0, connid: 0"
"12:27:10,4783040","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,4788624","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:10,4790649","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:10,4797068","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,4800702","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:10,4804256","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:10,4831183","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,4834411","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:10,4836361","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:10,4842397","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,4846004","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:10,4849222","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:10,4853281","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.750.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,4856108","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.750.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,4858109","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.750.019, Length: 4.380"
"12:27:10,4861711","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.754.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,4862494","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,4866446","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:10,4869660","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:10,4895345","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 250.476, Length: 4.096"
"12:27:10,4898587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 249.856, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,4917877","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:10,4949207","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,4990926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 252.416, Length: 4.096"
"12:27:10,4996128","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 172.544, Length: 4.096"
"12:27:10,4999337","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 172.032, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,5014457","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 256.512, Length: 4.096"
"12:27:10,5018077","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 258.048, Length: 3.584, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,5070180","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 260.608, Length: 1.024"
"12:27:10,5073544","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,5076333","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,5078017","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976203, endtime: 976203, seqnum: 0, connid: 0"
"12:27:10,5080145","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,5085383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 250.368, Length: 4.096"
"12:27:10,5094984","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,5097806","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976203, endtime: 976203, seqnum: 0, connid: 0"
"12:27:10,5119079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 174.592, Length: 4.096"
"12:27:10,5149970","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 250.476, Length: 4.096"
"12:27:10,5152373","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,5159030","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.754.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,5159226","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 181.248, Length: 4.096"
"12:27:10,5162822","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 180.224, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,5163060","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.754.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,5165038","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.754.399, Length: 2.920"
"12:27:10,5168290","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.757.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,5177788","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 250.476, Length: 4.096"
"12:27:10,5184589","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,5190201","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:10,5195426","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:10,5198673","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.757.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,5201085","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:10,5201826","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.757.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,5203464","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.757.319, Length: 1.460"
"12:27:10,5206244","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.758.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,5206650","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:10,5211856","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:10,5216750","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:10,5223915","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:10,5229196","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:10,5234743","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:10,5235988","svchost.exe","512","Thread Exit","","SUCCESS","Thread ID: 8844, User Time: 0.3432022, Kernel Time: 0.1560010"
"12:27:10,5241227","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:10,5248971","svchost.exe","512","Thread Exit","","SUCCESS","Thread ID: 8948, User Time: 5.9592382, Kernel Time: 2.1840140"
"12:27:10,5253622","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:10,5261258","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:10,5266535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:10,5272081","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:10,5277357","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:10,5282909","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:10,5288115","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:10,5293008","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:10,5298210","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:10,5303416","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:10,5308618","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:10,5313828","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:10,5319025","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:10,5324674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:10,5329885","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:10,5335091","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:10,5340288","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:10,5345168","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:10,5350369","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:10,5355571","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:10,5360810","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:10,5366006","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:10,5371212","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:10,5376409","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:10,5381611","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:10,5386490","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:10,5391683","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:10,5396884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:10,5402085","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:10,5403224","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,5405696","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,5407250","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,5407315","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:10,5408472","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,5410100","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976203, endtime: 976203, seqnum: 0, connid: 0"
"12:27:10,5412521","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:10,5417723","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:10,5423344","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:10,5428550","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:10,5433430","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:10,5438626","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:10,5443833","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:10,5449034","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:10,5454221","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:10,5459096","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:10,5464293","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:10,5469490","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:10,5474435","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.758.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,5474692","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:10,5477243","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.758.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,5479189","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.758.779, Length: 5.840"
"12:27:10,5479907","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:10,5482048","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.764.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,5484787","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:10,5489974","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:10,5495171","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:10,5500358","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:10,5505238","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:10,5510439","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:10,5515636","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:10,5520838","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:10,5526473","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 258.048, Length: 3.584"
"12:27:10,5549527","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 250.476, Length: 4.096"
"12:27:10,5555881","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,5560705","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:10,5565151","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:10,5569564","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:10,5573981","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:10,5578399","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:10,5582803","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:10,5587216","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:10,5591629","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:10,5596028","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:10,5600441","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:10,5604845","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:10,5609249","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:10,5613648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:10,5617739","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:10,5622544","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:10,5627312","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:10,5631725","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:10,5636147","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:10,5640556","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:10,5644955","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:10,5649354","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:10,5653440","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:10,5657839","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:10,5662243","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:10,5666652","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:10,5671055","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:10,5675464","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:10,5679868","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:10,5684271","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:10,5688670","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:10,5692757","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:10,5697156","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:10,5701560","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:10,5705959","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:10,5710372","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:10,5714780","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:10,5719189","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:10,5723177","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,5724381","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:10,5726046","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,5728062","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976203, endtime: 976203, seqnum: 0, connid: 0"
"12:27:10,5728813","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:10,5733216","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:10,5737634","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:10,5738898","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,5740844","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,5742099","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976203, endtime: 976203, seqnum: 0, connid: 0"
"12:27:10,5748046","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:10,5753668","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:10,5758081","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:10,5763334","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:10,5767765","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:10,5774212","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:10,5779437","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:10,5784200","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:10,5788627","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:10,5793045","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:10,5797463","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:10,5801871","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:10,5806280","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:10,5810693","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:10,5815097","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:10,5819533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:10,5819901","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.764.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,5823946","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.764.992, EndOfFile: 407.764.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,5824702","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:10,5827972","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.764.619, Length: 5.840, Priority: Normal"
"12:27:10,5829124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:10,5833528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:10,5837619","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:10,5842014","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:10,5847182","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 258.048, Length: 3.584"
"12:27:10,5847612","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.770.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,5874426","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 250.476, Length: 4.096"
"12:27:10,6048426","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,6051556","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,6053557","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976204, endtime: 976204, seqnum: 0, connid: 0"
"12:27:10,6073528","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,6074629","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,6076719","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976204, endtime: 976204, seqnum: 0, connid: 0"
"12:27:10,6158585","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.770.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,6161785","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.770.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,6163745","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.770.459, Length: 2.920"
"12:27:10,6175477","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.773.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,6181826","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.773.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,6185054","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.773.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,6186636","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.773.379, Length: 1.460"
"12:27:10,6189062","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.774.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,6368855","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,6371682","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,6373702","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976204, endtime: 976204, seqnum: 0, connid: 0"
"12:27:10,6385304","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,6386550","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,6388117","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976204, endtime: 976204, seqnum: 0, connid: 0"
"12:27:10,6455652","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.774.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,6458461","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.774.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,6460406","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.774.839, Length: 5.840"
"12:27:10,6463629","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.780.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,6736005","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,6739228","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976204, endtime: 976204, seqnum: 0, connid: 0"
"12:27:10,6749720","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,6751311","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,6752925","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976204, endtime: 976204, seqnum: 0, connid: 0"
"12:27:10,6804496","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:10,6808858","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:10,6811302","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:10,6813686","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:10,6815660","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:10,6817306","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:10,6819336","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:10,6854239","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:10,6859818","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,6878586","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:10,6900012","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.780.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,6903212","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.780.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,6907891","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,6909491","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.780.679, Length: 1.460"
"12:27:10,6914320","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.089.348, Length: 16.200"
"12:27:10,6914693","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.782.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,6919922","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.089.536, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,6931571","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.782.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,6933941","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.782.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,6935564","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.782.139, Length: 2.920"
"12:27:10,6937990","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.785.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,6950921","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,6956487","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\wfplwf.sys","NO SUCH FILE","Filter: wfplwf.sys"
"12:27:10,6959351","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:10,6976537","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,6980194","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Filter: wfplwf.sys, 1: wfplwf.sys"
"12:27:10,6984192","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:10,7013120","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,7018662","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:10,7020360","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:10,7028705","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,7032321","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:10,7035549","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:10,7062956","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,7066548","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:10,7068171","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:10,7078588","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,7082199","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:10,7086183","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:10,7099828","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,7103448","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:10,7106658","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:10,7142699","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,7145503","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,7147859","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976205, endtime: 976205, seqnum: 0, connid: 0"
"12:27:10,7157968","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,7159535","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,7159601","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 8.736, Length: 4.064"
"12:27:10,7161140","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976205, endtime: 976205, seqnum: 0, connid: 0"
"12:27:10,7165222","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:10,7182049","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 8.200, Length: 4.096"
"12:27:10,7200144","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,7217260","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.785.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7219742","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.785.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7223329","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.785.059, Length: 2.920"
"12:27:10,7226511","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.787.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7255019","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:10,7260603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 6.144, Length: 4.096"
"12:27:10,7261414","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.787.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7264204","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.787.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7265837","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.787.979, Length: 2.920"
"12:27:10,7269004","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.790.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7276277","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 10.752, Length: 2.048"
"12:27:10,7285117","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,7345319","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 8.736, Length: 4.064"
"12:27:10,7348062","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,7355302","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 7.168, Length: 4.096"
"12:27:10,7454443","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 12.288, Length: 512"
"12:27:10,7462373","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,7465195","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,7467201","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976205, endtime: 976205, seqnum: 0, connid: 0"
"12:27:10,7477623","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,7479242","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,7480492","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976205, endtime: 976205, seqnum: 0, connid: 0"
"12:27:10,7531877","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wfplwf.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,7543796","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.790.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7550635","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.790.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7554628","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.790.899, Length: 2.920"
"12:27:10,7558696","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.793.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7569118","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.793.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7571138","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.793.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7572742","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.793.819, Length: 2.920"
"12:27:10,7582026","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.796.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7835792","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,7839356","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976206, endtime: 976206, seqnum: 0, connid: 0"
"12:27:10,7852255","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,7854228","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,7855418","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,7857027","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976206, endtime: 976206, seqnum: 0, connid: 0"
"12:27:10,7911995","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.796.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7915167","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.796.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7916809","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.796.739, Length: 1.460"
"12:27:10,7919972","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.798.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7956299","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.798.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7958776","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.798.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,7960721","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.798.199, Length: 4.380"
"12:27:10,7963926","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.802.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,8161153","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,8163952","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,8166004","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976206, endtime: 976206, seqnum: 0, connid: 0"
"12:27:10,8176407","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:10,8178087","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976206, endtime: 976206, seqnum: 0, connid: 0"
"12:27:10,8245216","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.802.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,8248020","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.802.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,8249662","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.802.579, Length: 4.380"
"12:27:10,8252895","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.806.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:10,8450247","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:10,8454306","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:10,8457072","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:10,8459148","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:10,8461126","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:10,8463099","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:10,8465115","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:10,8501646","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:10,8506829","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,8527411","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:10,8550993","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,8556614","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 63.078, Length: 16.200"
"12:27:10,8578232","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,8583023","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\vwififlt.sys","NO SUCH FILE","Filter: vwififlt.sys"
"12:27:10,8585882","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:10,8601916","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,8605914","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Filter: vwififlt.sys, 1: vwififlt.sys"
"12:27:10,8609907","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:10,8643192","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,8649653","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:10,8652004","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:10,8658852","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,8662524","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:10,8666484","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:10,8693770","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,8697017","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:10,8698962","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:10,8705003","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,8708604","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:10,8711833","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:10,8726238","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:10,8729872","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:10,8733082","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:10,8759989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 51.916, Length: 4.096"
"12:27:10,8765587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:10,8782442","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 50.184, Length: 4.096"
"12:27:10,8799325","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,8841034","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 49.664, Length: 4.096"
"12:27:10,8849865","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 53.760, Length: 4.096"
"12:27:10,8853070","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 44.032, Length: 4.096"
"12:27:10,8877137","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 54.784, Length: 4.096"
"12:27:10,8887946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,8918576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 7.168, Length: 4.096"
"12:27:10,8980732","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 51.916, Length: 4.096"
"12:27:10,8983541","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,8995180","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 46.592, Length: 4.096"
"12:27:10,8999565","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 51.916, Length: 4.096"
"12:27:10,9017255","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9025656","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:10,9028894","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:10,9047003","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:10,9087388","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9094143","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: ANCI"
"12:27:10,9095813","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:10,9099923","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 58.880, Length: 1.024"
"12:27:10,9102564","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9107037","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:10,9111385","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:10,9127041","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9131501","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:10,9135083","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:10,9147921","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9152330","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:10,9155189","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:10,9168419","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9172823","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:10,9176000","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:10,9199264","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9203691","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: ANCI"
"12:27:10,9205334","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:10,9228612","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9232964","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: DNCI"
"12:27:10,9234606","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:10,9234886","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwififlt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,9255468","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9259471","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:10,9261094","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:10,9282717","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9286738","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:10,9288352","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:10,9308850","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9312848","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:10,9314466","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:10,9336121","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9340105","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:10,9341729","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:10,9362157","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9366145","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:10,9367764","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:10,9388267","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9392246","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:10,9393855","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:10,9414302","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9417946","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:10,9419564","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:10,9443622","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9447634","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:10,9449266","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:10,9455214","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9459301","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:10,9466079","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9471663","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:10,9473683","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:10,9487375","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9493360","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:10,9495804","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:10,9504864","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:10,9508083","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5f00000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:10,9510914","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:10,9523724","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9530932","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:10,9533721","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:10,9551430","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:10,9591442","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9597035","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: ANCI"
"12:27:10,9599041","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:10,9605488","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9610293","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:10,9614333","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:10,9631789","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9639402","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:10,9643834","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:10,9660675","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9665470","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:10,9668358","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:10,9683202","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9687984","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:10,9691189","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:10,9716454","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9722901","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: ANCI"
"12:27:10,9724907","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:10,9747752","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9752169","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: DNCI"
"12:27:10,9753802","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:10,9775812","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9779852","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:10,9781484","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:10,9803909","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9807949","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:10,9809572","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:10,9832851","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9836862","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:10,9838798","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:10,9859712","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9861400","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:10,9863705","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:10,9865333","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:10,9866616","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:10,9870269","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:10,9873497","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:10,9876286","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:10,9878731","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:10,9881889","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:10,9885752","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9889754","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:10,9891373","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:10,9911866","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9915855","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:10,9917469","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:10,9922442","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:10,9928805","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:10,9941163","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9945156","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:10,9946770","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:10,9959361","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:10,9967632","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9971620","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:10,9973234","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:10,9978837","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9983306","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:10,9984043","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:10,9989707","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 390.318, Length: 16.200"
"12:27:10,9991288","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:10,9996909","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:10,9998911","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,0012579","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,0013325","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0017356","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\netbios.sys","NO SUCH FILE","Filter: netbios.sys"
"12:27:11,0018984","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:11,0020216","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:11,0024153","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:11,0031029","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:11,0033418","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x5f00000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:11,0035815","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:11,0037443","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,0041441","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Filter: netbios.sys, 1: netbios.sys"
"12:27:11,0045435","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:11,0050650","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:27:11,0071913","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,0077161","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:11,0079186","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,0085596","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,0089225","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,0090135","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0092784","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:11,0095709","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: ANCI"
"12:27:11,0097753","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:11,0104195","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0109009","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:11,0113016","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,0119683","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,0124926","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:11,0126885","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:11,0129876","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0134657","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:11,0138627","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:11,0138674","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,0143502","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,0147537","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:11,0151927","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0156345","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:11,0159918","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:11,0163972","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,0168329","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:11,0171940","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,0173577","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0177986","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:11,0181181","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:11,0204017","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0204567","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 41.396, Length: 3.148"
"12:27:11,0208458","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: ANCI"
"12:27:11,0210081","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:11,0210944","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:11,0234946","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0238976","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: DNCI"
"12:27:11,0240604","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:11,0260412","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 40.456, Length: 4.088"
"12:27:11,0261802","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0265814","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:11,0267442","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:11,0278059","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,0288668","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0292348","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:11,0293958","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:11,0315552","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0318957","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 40.448, Length: 4.096"
"12:27:11,0320016","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:11,0322046","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:11,0325381","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 21.504, Length: 4.096"
"12:27:11,0344111","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0346304","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 43.520, Length: 1.024"
"12:27:11,0348440","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:11,0350073","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:11,0355069","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,0370520","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0374182","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:11,0375805","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:11,0396602","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0400250","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:11,0401864","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:11,0414483","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 41.396, Length: 3.148"
"12:27:11,0416913","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,0423934","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0424923","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 23.552, Length: 4.096"
"12:27:11,0428132","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 41.396, Length: 3.148"
"12:27:11,0428314","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:11,0429938","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:11,0450786","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0454438","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:11,0456374","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:11,0461660","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0466050","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,0472459","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0477703","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:11,0479709","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,0493289","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0498499","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:11,0502101","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:11,0504536","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:11,0513628","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,0516460","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:11,0522496","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:11,0593763","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\netbios.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,0731399","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:11,0777252","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0783316","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: DNCI"
"12:27:11,0786129","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:11,0794582","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0800591","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:11,0806571","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,0833722","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0840616","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:11,0847432","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:11,0863876","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0868676","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:11,0871881","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:11,0887089","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0891530","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:11,0894721","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:11,0918419","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0924404","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: DNCI"
"12:27:11,0926047","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:11,0949712","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0954106","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: DNCI"
"12:27:11,0955730","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:11,0977791","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,0981817","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:11,0983757","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:11,1005888","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1009895","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:11,1011519","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:11,1033565","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1037559","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:11,1039173","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:11,1053037","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:11,1057390","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,1059829","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:11,1060436","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1062227","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:11,1064205","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:11,1064438","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:11,1066057","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:11,1066631","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:11,1068674","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:11,1086527","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1090520","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:11,1092134","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:11,1112992","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1116971","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:11,1118599","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:11,1120036","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:11,1130985","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,1140305","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1144294","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:11,1145913","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:11,1166523","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:11,1167549","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1171565","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:11,1173189","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:11,1178806","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1183209","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,1189647","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1195236","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,1195268","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:11,1197274","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,1201300","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 779.442, Length: 16.200"
"12:27:11,1212058","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1217334","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:27:11,1220086","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:27:11,1224961","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,1230130","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\wanarp.sys","NO SUCH FILE","Filter: wanarp.sys"
"12:27:11,1232989","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:11,1259585","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,1262052","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:27:11,1264851","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Filter: wanarp.sys, 1: wanarp.sys"
"12:27:11,1269689","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:11,1270879","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:27:11,1285312","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:27:11,1288909","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:11,1304173","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,1310881","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1311394","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:11,1314599","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,1318452","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:11,1322539","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:11,1325837","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,1331066","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,1333427","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:11,1336263","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:11,1337443","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,1340159","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:11,1343909","svchost.exe","948","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","REPARSE","Desired Access: Read"
"12:27:11,1347926","svchost.exe","948","RegOpenKey","HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","NAME NOT FOUND","Desired Access: Read"
"12:27:11,1351476","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:27:11,1362933","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:11,1376396","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,1379988","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:11,1381626","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:11,1388045","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,1391996","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,1395220","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:11,1402250","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1407400","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:11,1409075","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:11,1413301","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,1415470","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1417271","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:11,1420275","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:11,1420508","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,1425449","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,1439150","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1443582","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:11,1447155","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:11,1452184","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 81.564, Length: 4.096"
"12:27:11,1457824","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:11,1460348","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1464434","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:11,1467611","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:11,1476642","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 80.448, Length: 4.096"
"12:27:11,1480874","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1485249","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:11,1488109","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:11,1496697","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,1510132","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1514149","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:11,1515782","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:11,1537455","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1541794","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:11,1543431","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:11,1544098","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:11,1549654","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:11,1564727","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1568725","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:11,1570348","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:11,1575335","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 86.016, Length: 2.560"
"12:27:11,1591541","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1595227","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:11,1597167","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:11,1597443","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,1601879","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 79.872, Length: 4.096"
"12:27:11,1618421","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1622494","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:11,1624467","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:11,1644928","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1648930","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:11,1650554","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:11,1666806","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,1671411","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1674476","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 25.600, Length: 4.096"
"12:27:11,1675409","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:11,1677023","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:11,1678856","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 81.564, Length: 4.096"
"12:27:11,1683675","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,1689282","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:11,1694540","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:11,1697894","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1700129","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:11,1701897","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:11,1703506","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:11,1705381","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:11,1710587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:11,1716601","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:11,1725026","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:11,1729873","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1730512","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,1733427","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:11,1733735","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:11,1736609","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:11,1737313","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:11,1739412","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:11,1740588","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:11,1743326","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:11,1745388","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,1747110","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:11,1747404","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:11,1747879","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1749783","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:11,1752171","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:11,1753118","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,1754191","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:11,1756552","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:11,1756612","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,1758628","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:11,1760732","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1760997","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:11,1762635","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:11,1763400","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:11,1765392","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:11,1767071","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,1767524","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:11,1768606","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:11,1769073","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:11,1769558","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,1771400","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:11,1773868","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:11,1773882","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:11,1775874","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:11,1779093","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:11,1784686","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:11,1785167","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1789925","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:11,1790779","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:27:11,1793200","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:27:11,1795136","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:11,1801765","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:11,1802273","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:27:11,1807540","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:11,1811431","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:11,1818223","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:11,1827861","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 86.016, Length: 2.560"
"12:27:11,1831635","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:27:11,1845518","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 81.564, Length: 4.096"
"12:27:11,1850323","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,1854773","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:11,1859182","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:11,1864341","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:11,1868810","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:11,1873219","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:11,1877618","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:11,1882031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:11,1886449","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:11,1890852","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:11,1895251","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:11,1899660","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:11,1904456","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:11,1908953","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:11,1913702","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:11,1918105","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:11,1921408","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:11,1923344","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:11,1930482","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:11,1937283","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:11,1941771","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:11,1945535","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1946534","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:11,1950289","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: DNCI"
"12:27:11,1950970","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 86.016, Length: 2.560"
"12:27:11,1951964","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:11,1957968","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1962749","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:11,1966407","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,1970983","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 81.564, Length: 4.096"
"12:27:11,1980019","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,1984437","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:11,1988010","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:11,2000834","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2004916","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:11,2008102","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:11,2020969","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2025778","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:11,2028964","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:11,2041634","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 88.064, Length: 512"
"12:27:11,2051790","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:11,2073842","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2077872","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: DNCI"
"12:27:11,2079505","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:11,2099970","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2103982","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:11,2105596","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:11,2128455","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2132467","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:11,2134085","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:11,2151929","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wanarp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,2154896","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2158586","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:11,2160527","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:11,2181412","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2185405","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:11,2187029","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:11,2207452","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2211119","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:11,2212737","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:11,2233958","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2237947","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:11,2239561","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:11,2260017","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2263679","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:11,2265289","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:11,2286094","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2289761","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:11,2291380","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:11,2296969","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2301377","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,2307801","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2313389","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:11,2315409","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,2330221","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:27:11,2411695","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:11,2414909","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:11,2426805","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,2429553","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,2433042","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:11,2443939","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:11,2446743","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:11,2449547","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:27:11,2473595","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:11,2513676","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2519270","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: ANCI"
"12:27:11,2521262","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:11,2528875","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2537822","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:11,2542679","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,2559925","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2564749","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:11,2568336","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:11,2581995","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2586408","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:11,2589581","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:11,2602848","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2607238","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:11,2609365","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:11,2610419","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:11,2613423","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,2616176","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:11,2618252","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:11,2620211","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:11,2622586","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:11,2624624","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:11,2637686","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2642141","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, FileAttributes: ANCI"
"12:27:11,2643783","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:11,2662499","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:11,2666213","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2668116","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,2670602","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: DNCI"
"12:27:11,2672230","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:11,2693139","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2697477","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:11,2699110","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:11,2700108","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:11,2720350","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2728276","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,2729619","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:11,2731639","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:11,2734648","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 16.746, Length: 16.200"
"12:27:11,2753653","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2756751","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,2757693","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:11,2759312","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:11,2761971","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\termdd.sys","NO SUCH FILE","Filter: termdd.sys"
"12:27:11,2765181","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:11,2782413","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,2782581","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2786420","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Filter: termdd.sys, 1: termdd.sys"
"12:27:11,2786994","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:11,2788622","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:11,2790442","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:11,2811075","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2815068","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:11,2817018","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:11,2817704","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,2823703","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:11,2825770","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,2832207","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,2836182","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,2839415","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:11,2841547","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2845554","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:11,2847159","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:11,2867036","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,2869205","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2870283","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:11,2871911","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:11,2873227","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:11,2874873","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:11,2879095","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,2883084","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,2886326","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:11,2902775","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,2906423","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:11,2907477","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2909968","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,2912683","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:11,2914670","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:11,2921048","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2928684","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,2935565","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2935696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 51.168, Length: 4.096"
"12:27:11,2941261","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:11,2941522","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:11,2943537","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,2957747","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 49.672, Length: 4.096"
"12:27:11,2958419","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,2966027","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:11,2969657","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:11,2972423","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:11,2976594","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,2980787","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:11,2984352","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:27:11,2988363","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:11,2990766","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:08, LastWriteTime: 06.10.2013 12:27:08, ChangeTime: 06.10.2013 12:27:08, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:11,3000450","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:","SUCCESS","Offset: 39.956.480, Length: 104, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:11,3017543","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 56.320, Length: 7.040"
"12:27:11,3023976","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 48.128, Length: 4.096"
"12:27:11,3034943","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:11,3037575","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 53.760, Length: 4.096"
"12:27:11,3040374","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 51.712, Length: 4.096"
"12:27:11,3043569","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 37.376, Length: 4.096"
"12:27:11,3069684","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 56.320, Length: 4.096"
"12:27:11,3073705","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 54.272, Length: 4.096"
"12:27:11,3074199","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3079769","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: ANCI"
"12:27:11,3081794","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:11,3082517","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,3088222","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3093013","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:11,3096689","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,3099344","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 56.320, Length: 4.096"
"12:27:11,3110656","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3115088","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:11,3118330","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:11,3119417","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 29.696, Length: 4.096"
"12:27:11,3133464","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 56.320, Length: 4.096"
"12:27:11,3141096","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 60.416, Length: 2.944"
"12:27:11,3146334","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:11,3147683","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3153290","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:11,3156924","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:11,3171735","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3176186","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:11,3179409","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:11,3202072","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,3203429","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3207283","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 4.096, Length: 52.224"
"12:27:11,3208230","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: ANCI"
"12:27:11,3209872","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:11,3234312","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3238351","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: DNCI"
"12:27:11,3239984","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:11,3261205","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3265226","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:11,3266855","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:11,3269845","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 57.707, Length: 4.096"
"12:27:11,3288496","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3292535","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:11,3294154","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:11,3295950","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:11,3316192","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3320199","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:11,3333349","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:11,3345320","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 51.168, Length: 4.096"
"12:27:11,3347736","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,3353950","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:27:11,3355294","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 40.448, Length: 4.096"
"12:27:11,3358359","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:27:11,3359334","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 51.168, Length: 4.096"
"12:27:11,3361955","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:27:11,3364512","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,3367446","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3367609","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:27:11,3372279","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:11,3373767","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:11,3374276","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:11,3377863","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:27:11,3379038","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:11,3380690","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:11,3383517","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:11,3385462","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:11,3386307","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:11,3388704","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:11,3391018","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:11,3391135","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:11,3393542","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:11,3395968","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:11,3396252","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:11,3397960","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:11,3400348","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:11,3401482","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:11,3402345","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:11,3404346","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:11,3406492","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3406721","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:11,3406814","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3409188","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:11,3411577","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:11,3411698","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:11,3412738","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:11,3413634","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:11,3414936","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:11,3416018","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:11,3418285","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:11,3418411","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:11,3420440","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:11,3424354","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:11,3427648","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:11,3429584","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:11,3429644","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:11,3432038","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:11,3434445","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:11,3434809","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:11,3436460","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:11,3438466","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3440019","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:11,3440103","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:11,3442109","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3443845","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3445230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:11,3448248","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:11,3449685","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3450446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 61.440, Length: 1.920"
"12:27:11,3450651","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:11,3452125","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:11,3454919","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3456958","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:11,3459374","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3461721","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3463741","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:11,3466106","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3466829","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 51.168, Length: 4.096"
"12:27:11,3468131","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:11,3470188","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3471247","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,3472185","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:11,3474559","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3475707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:11,3476546","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:11,3478300","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3479798","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3480138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:11,3481841","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:11,3483101","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:11,3484220","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3484869","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:11,3486996","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:11,3489426","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3491442","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3492519","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:11,3493457","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:11,3494721","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:11,3495482","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3496979","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:11,3497837","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:11,3500207","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3501411","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:11,3503030","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:11,3505063","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3506169","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:11,3507041","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:11,3510605","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:11,3515037","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:11,3515522","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3517878","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:11,3519203","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3519777","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:11,3520281","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3524605","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:11,3524703","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:11,3526882","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:11,3528855","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:11,3529051","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3531458","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:11,3532704","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3534770","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:11,3534896","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3536678","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:11,3537154","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3539151","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:11,3539706","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,3541119","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:11,3541203","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3543190","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:11,3545210","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3545868","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 61.440, Length: 1.920"
"12:27:11,3546890","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3547170","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:11,3552497","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:11,3554503","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,3568377","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 51.168, Length: 4.096"
"12:27:11,3568974","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3572169","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:11,3575332","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3577380","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:27:11,3580142","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3580641","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3589033","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:11,3592038","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 56.320, Length: 4.096"
"12:27:11,3593045","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:11,3596250","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:11,3596586","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3599003","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:11,3601438","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3603448","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:11,3606229","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3614108","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:11,3617420","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,3620261","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976211, endtime: 976211, seqnum: 0, connid: 0"
"12:27:11,3629521","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,3631466","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976211, endtime: 976211, seqnum: 0, connid: 0"
"12:27:11,3643954","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,3645928","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,3647127","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,3648382","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976211, endtime: 976211, seqnum: 0, connid: 0"
"12:27:11,3649781","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: ANCI"
"12:27:11,3651983","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3652212","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 55.808, Length: 4.096"
"12:27:11,3654418","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:11,3657161","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,3659172","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:11,3661593","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3663599","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:11,3665441","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:27:11,3667807","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:11,3671548","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:11,3767124","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:11,3768533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\termdd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,3791606","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3796024","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: DNCI"
"12:27:11,3798007","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:11,3804043","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3808816","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:11,3812492","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,3828460","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3832924","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:11,3836171","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:11,3849336","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3853418","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:11,3856585","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:11,3869465","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3873841","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:11,3877023","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:11,3899932","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:11,3924032","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3928440","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: DNCI"
"12:27:11,3930399","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:11,3947016","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,3950580","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976212, endtime: 976212, seqnum: 0, connid: 0"
"12:27:11,3951676","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3955707","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:11,3957330","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:11,3965844","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,3967822","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,3969007","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,3969851","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,3971419","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976212, endtime: 976212, seqnum: 0, connid: 0"
"12:27:11,3989631","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,3994842","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:11,3996852","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:11,4020513","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,4025286","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:11,4026928","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:11,4049795","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,4054162","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:11,4055809","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:11,4077030","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,4081042","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:11,4082721","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:11,4104381","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,4108397","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:11,4110347","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:11,4134992","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,4141379","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:11,4144182","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:11,4174160","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,4179408","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:11,4181904","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:11,4189400","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,4194583","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,4202635","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,4208681","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:11,4211106","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:11,4219088","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: ANCI"
"12:27:11,4241452","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,4268733","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,4271551","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,4273547","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976212, endtime: 976212, seqnum: 0, connid: 0"
"12:27:11,4293780","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:11,4300306","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:11,4304668","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,4307098","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:11,4309482","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:11,4311133","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:11,4313097","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:11,4315113","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:11,4337864","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:11,4339133","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:27:11,4355969","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:11,4358581","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:11,4361609","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,4366661","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:11,4379424","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:11,4380707","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:27:11,4409770","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,4415821","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.947.462, Length: 16.200"
"12:27:11,4439453","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,4443899","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\rdbss.sys","NO SUCH FILE","Filter: rdbss.sys"
"12:27:11,4446745","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:11,4462783","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,4466753","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Filter: rdbss.sys, 1: rdbss.sys"
"12:27:11,4470760","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:11,4496492","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,4502062","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:11,4504068","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,4510133","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,4514075","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,4517303","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:11,4544631","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,4547854","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:11,4549795","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:11,4555841","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,4559456","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,4562679","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:11,4575900","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,4579511","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:11,4582716","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,4608774","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 287.072, Length: 4.096"
"12:27:11,4612828","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 286.720, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,4630812","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:11,4634185","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:11,4636965","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:11,4639004","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:11,4642204","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:11,4645791","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:11,4663677","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,4705844","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 280.576, Length: 4.096"
"12:27:11,4709417","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 278.528, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,4734589","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 284.672, Length: 4.096"
"12:27:11,4768275","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 288.768, Length: 4.096"
"12:27:11,4774274","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:11,4778291","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 292.864, Length: 4.096"
"12:27:11,4810204","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 296.960, Length: 4.096"
"12:27:11,4833884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 301.056, Length: 4.096"
"12:27:11,4837751","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.806.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,4841315","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.806.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,4843130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,4843321","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.806.959, Length: 7.300"
"12:27:11,4846965","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.814.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,4847898","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:11,4869217","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 72.704, Length: 4.096"
"12:27:11,4870798","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.814.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,4873602","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.814.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,4875230","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.814.259, Length: 1.460"
"12:27:11,4877991","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.815.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,4895681","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 96.256, Length: 4.096"
"12:27:11,4906649","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.815.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,4910660","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.815.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,4915115","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.815.719, Length: 5.840"
"12:27:11,4919057","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.821.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,4927795","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 287.072, Length: 4.096"
"12:27:11,4930202","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,4937769","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 104.960, Length: 4.096"
"12:27:11,4941407","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 287.072, Length: 4.096"
"12:27:11,4946572","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,4948629","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.821.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,4951433","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.821.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,4951838","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:11,4953396","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.821.559, Length: 2.920"
"12:27:11,4953774","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,4956177","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,4956289","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.824.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,4957422","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:11,4957758","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,4959344","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,4960590","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,4962629","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:11,4964215","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,4965777","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,4966626","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,4967863","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:11,4968194","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 11680, startime: 976213, endtime: 976213, seqnum: 0, connid: 0"
"12:27:11,4973064","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:11,4978266","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:11,4983094","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,4983500","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:11,4985478","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,4987059","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,4988711","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976213, endtime: 976213, seqnum: 0, connid: 0"
"12:27:11,4988729","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:11,4993940","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:11,4999127","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:11,5004012","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:11,5006694","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.824.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5009232","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:11,5009558","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.824.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5011975","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.824.479, Length: 2.920"
"12:27:11,5014447","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:11,5015534","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.827.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5019649","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:11,5025251","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:11,5030472","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:11,5035678","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:11,5040889","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:11,5046090","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:11,5051287","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:11,5053559","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.827.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5056367","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.827.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5056507","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:11,5058345","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.827.399, Length: 8.760"
"12:27:11,5061587","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.836.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5061722","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:11,5066602","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:11,5071794","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:11,5076996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:11,5082188","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:11,5087063","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:11,5092274","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:11,5093547","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.836.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5097130","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.836.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5097484","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:11,5099164","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.836.159, Length: 4.380"
"12:27:11,5102369","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.840.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5102704","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:11,5107901","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:11,5113103","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:11,5115920","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 131.072, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5130750","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:11,5134366","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 135.168, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5146388","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:11,5149191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 139.264, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5161801","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:11,5164226","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 143.360, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5176696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:11,5179103","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 147.456, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5189702","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:11,5191769","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 151.552, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5202713","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:11,5204775","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 155.648, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5215765","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:11,5217813","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 159.744, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5230031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:11,5232410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 163.840, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5249512","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:11,5251574","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 167.936, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5258534","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,5261762","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976213, endtime: 976213, seqnum: 0, connid: 0"
"12:27:11,5262737","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:11,5264795","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 172.032, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5274591","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,5275104","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:11,5276569","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,5277161","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 176.128, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5277437","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,5279018","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976213, endtime: 976213, seqnum: 0, connid: 0"
"12:27:11,5288983","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:11,5292612","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 180.224, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5304064","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:11,5306462","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 184.320, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5317294","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:11,5319347","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 188.416, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5329274","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.840.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5329736","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:11,5331793","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 192.512, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5332414","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.840.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5334060","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.840.539, Length: 1.460"
"12:27:11,5339421","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.841.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5342471","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:11,5345676","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 196.608, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5356961","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:11,5359349","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 200.704, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5370289","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:11,5372337","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 204.800, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5374581","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.841.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5377813","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.841.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5379801","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.841.999, Length: 4.380"
"12:27:11,5382637","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.846.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5384596","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:11,5388160","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 208.896, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5397845","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:11,5400602","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 212.992, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5413524","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:11,5415913","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 217.088, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5427360","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:11,5429413","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 221.184, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5439807","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:11,5441855","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 225.280, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5452785","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:11,5454833","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 229.376, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5465105","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:11,5467470","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 233.472, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5478069","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:11,5480108","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 237.568, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5490711","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:11,5492754","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 241.664, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5502789","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:11,5504837","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 245.760, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5515104","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:11,5517460","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 249.856, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5528535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:11,5530578","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 253.952, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5543556","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:11,5547144","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 258.048, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5557598","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:11,5559641","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 262.144, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5571108","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:11,5573146","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 266.240, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5578922","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,5582126","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976213, endtime: 976213, seqnum: 0, connid: 0"
"12:27:11,5586610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:11,5588653","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 270.336, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5594610","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,5596565","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,5597754","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,5599014","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976213, endtime: 976213, seqnum: 0, connid: 0"
"12:27:11,5602158","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:11,5606552","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 274.432, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,5619460","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:11,5630274","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:11,5637486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:11,5642426","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.846.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5644297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:11,5645239","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.846.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5646853","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.846.379, Length: 1.460"
"12:27:11,5649634","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.847.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5652573","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:11,5663078","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:11,5672222","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:11,5678281","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 307.200, Length: 2.048"
"12:27:11,5690089","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.847.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5691773","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.847.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5693349","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.847.839, Length: 4.380"
"12:27:11,5695780","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.852.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5697646","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 287.072, Length: 4.096"
"12:27:11,5703267","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,5707727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:11,5712154","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:11,5716576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:11,5721381","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:11,5726597","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:11,5731346","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:11,5736165","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:11,5741390","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:11,5746218","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:11,5750659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:11,5755067","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:11,5759480","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:11,5763889","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:11,5768293","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:11,5772701","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:11,5777114","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:11,5781523","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:11,5785931","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:11,5790339","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:11,5795536","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:11,5800364","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:11,5804778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:11,5809233","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:11,5813650","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:11,5818059","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:11,5826269","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:11,5832679","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:11,5837153","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:11,5841575","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:11,5845993","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:11,5850401","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:11,5854800","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:11,5859209","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:11,5863617","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:11,5868030","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:11,5872434","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:11,5876842","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:11,5881256","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:11,5885664","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:11,5890068","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:11,5894471","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:11,5898875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:11,5902962","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:11,5903475","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,5906269","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,5907366","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:11,5908275","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976214, endtime: 976214, seqnum: 0, connid: 0"
"12:27:11,5911769","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:11,5916178","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:11,5920586","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:11,5921944","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,5923912","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,5925130","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,5925979","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,5926175","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:11,5927546","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976214, endtime: 976214, seqnum: 0, connid: 0"
"12:27:11,5930607","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:11,5935024","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:11,5941443","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:11,5949402","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:11,5955042","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:11,5959516","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:11,5964265","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:11,5968678","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:11,5970259","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.852.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5973044","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.852.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5973109","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:11,5974705","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.852.219, Length: 2.920"
"12:27:11,5977574","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:11,5978241","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.855.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,5985766","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:11,5991023","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:11,5995800","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:11,6000236","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:11,6004663","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:11,6009100","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:11,6009380","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.855.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,6012174","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.855.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,6014157","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.855.139, Length: 5.840"
"12:27:11,6014647","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:11,6018164","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.860.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,6022297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:11,6027499","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:11,6032271","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:11,6036698","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:11,6041120","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:11,6045529","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:11,6049942","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:11,6054350","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:11,6058759","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:11,6063177","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 307.200, Length: 2.048"
"12:27:11,6082844","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 287.072, Length: 4.096"
"12:27:11,6220536","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,6223690","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,6225700","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976214, endtime: 976214, seqnum: 0, connid: 0"
"12:27:11,6249567","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,6252352","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,6254735","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976214, endtime: 976214, seqnum: 0, connid: 0"
"12:27:11,6284661","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdbss.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,6295619","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.860.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,6298414","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.860.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,6300047","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.860.979, Length: 2.920"
"12:27:11,6303247","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.863.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,6336508","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.863.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,6339307","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.863.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,6340945","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.863.899, Length: 2.920"
"12:27:11,6343706","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.866.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,6580278","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:11,6584336","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,6587089","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:11,6589463","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:11,6591119","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:11,6593074","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:11,6595094","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:11,6631261","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\rdbss.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:11,6636052","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\rdbss.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,6653238","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\rdbss.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:11,6672976","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\rdbss.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,6678583","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.744.476, Length: 16.200"
"12:27:11,6700243","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,6704665","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\rdbss.sys.mui","NO SUCH FILE","Filter: rdbss.sys.mui"
"12:27:11,6707488","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:11,6723936","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,6727925","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\rdbss.sys.mui","SUCCESS","Filter: rdbss.sys.mui, 1: rdbss.sys.mui"
"12:27:11,6731904","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:11,6758024","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,6763608","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:11,6766005","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,6772443","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,6776068","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,6779305","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:11,6806171","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,6809721","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:11,6811354","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:11,6817386","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,6821384","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,6826860","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:11,6848109","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,6852541","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:11,6856530","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,6899742","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,6902559","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,6904108","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,6905288","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,6906137","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,6909300","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,6910163","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,6911334","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:11,6912575","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 11680, startime: 976215, endtime: 976215, seqnum: 0, connid: 0"
"12:27:11,6969441","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\rdbss.sys.mui","SUCCESS","Offset: 4.096, Length: 1.024"
"12:27:11,6978631","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\rdbss.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,6989893","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.866.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,6993550","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.866.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,6996293","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.866.819, Length: 10.220"
"12:27:11,7000753","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.877.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,7027987","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.877.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,7030795","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.877.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,7032759","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.877.039, Length: 1.460"
"12:27:11,7035213","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.878.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:11,7064966","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\rdbss.sys.mui","SUCCESS","Offset: 4.096, Length: 1.024"
"12:27:11,7078947","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\rdbss.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,7088221","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\rdbss.sys.mui","SUCCESS","Offset: 4.096, Length: 1.024"
"12:27:11,7243832","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\rdbss.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,7721108","Windows7FirewallService.exe","2128","CreateFile","C:\SystemRoot\System32\smss.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:11,7740253","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:11,7744326","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,7747125","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:11,7749504","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:11,7751146","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:11,7753124","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:11,7755144","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:11,7756777","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\csrss.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,7770454","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\csrss.exe","SUCCESS","CreationTime: 14.07.2009 01:19:49, LastAccessTime: 14.07.2009 01:19:49, LastWriteTime: 14.07.2009 03:39:02, ChangeTime: 11.05.2013 14:06:59, FileAttributes: A"
"12:27:11,7773244","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\csrss.exe","SUCCESS",""
"12:27:11,7780876","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,7786446","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,7790061","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:11,7790943","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,7795706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,7806594","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,7812145","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:11,7816171","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,7830334","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:11,7836646","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,7842683","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\csrss.exe","SUCCESS","Filter: csrss.exe, 1: csrss.exe"
"12:27:11,7847068","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:11,7853860","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,7859878","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.924.944, Length: 16.200"
"12:27:11,7875137","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wininit.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,7882578","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,7887373","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\nsiproxy.sys","NO SUCH FILE","Filter: nsiproxy.sys"
"12:27:11,7888423","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wininit.exe","SUCCESS","CreationTime: 14.07.2009 01:52:37, LastAccessTime: 14.07.2009 01:52:37, LastWriteTime: 14.07.2009 03:39:52, ChangeTime: 06.09.2013 09:34:00, FileAttributes: A"
"12:27:11,7890252","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:11,7891185","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wininit.exe","SUCCESS",""
"12:27:11,7898415","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,7903607","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,7909509","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,7910684","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,7914719","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Filter: nsiproxy.sys, 1: nsiproxy.sys"
"12:27:11,7918717","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:11,7932409","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,7938823","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:11,7943610","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,7949236","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,7959933","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:11,7962680","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,7968596","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,7971133","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,7975080","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wininit.exe","SUCCESS","Filter: wininit.exe, 1: wininit.exe"
"12:27:11,7975551","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,7979973","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:11,7980249","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:11,8011663","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,8011947","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\csrss.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8014914","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:11,8016892","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:11,8024137","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,8027249","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\csrss.exe","SUCCESS","CreationTime: 14.07.2009 01:19:49, LastAccessTime: 14.07.2009 01:19:49, LastWriteTime: 14.07.2009 03:39:02, ChangeTime: 11.05.2013 14:06:59, FileAttributes: A"
"12:27:11,8028116","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,8030034","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\csrss.exe","SUCCESS",""
"12:27:11,8031718","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:11,8039676","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8045293","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,8049655","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,8050765","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,8056727","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:11,8061182","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,8064541","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8069765","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:11,8073768","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,8088061","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 21.348, Length: 3.228"
"12:27:11,8088215","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8093394","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\csrss.exe","SUCCESS","Filter: csrss.exe, 1: csrss.exe"
"12:27:11,8093673","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:11,8097415","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:11,8110505","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 21.000, Length: 3.576"
"12:27:11,8125512","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\services.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8128544","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,8138765","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\services.exe","SUCCESS","CreationTime: 14.07.2009 01:19:46, LastAccessTime: 14.07.2009 01:19:46, LastWriteTime: 14.07.2009 03:39:37, ChangeTime: 11.05.2013 14:07:38, FileAttributes: A"
"12:27:11,8141513","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\services.exe","SUCCESS",""
"12:27:11,8148389","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8153222","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,8157187","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,8169107","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 20.992, Length: 3.584"
"12:27:11,8171234","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8173118","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 17.920, Length: 4.096"
"12:27:11,8176403","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:11,8180065","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,8188364","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 23.040, Length: 1.536"
"12:27:11,8194465","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8197208","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,8199303","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\services.exe","SUCCESS","Filter: services.exe, 1: services.exe"
"12:27:11,8203296","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:11,8230246","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\lsass.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8243047","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\lsass.exe","SUCCESS","CreationTime: 11.05.2013 14:10:27, LastAccessTime: 11.05.2013 14:10:27, LastWriteTime: 17.11.2011 08:33:55, ChangeTime: 11.05.2013 14:55:06, FileAttributes: A"
"12:27:11,8245463","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\lsass.exe","SUCCESS",""
"12:27:11,8252297","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8257135","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 21.348, Length: 3.228"
"12:27:11,8257457","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,8260727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,8261142","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,8269595","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 19.456, Length: 4.096"
"12:27:11,8275175","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8279998","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:11,8284005","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,8298038","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8304182","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\lsass.exe","SUCCESS","Filter: lsass.exe, 1: lsass.exe"
"12:27:11,8314729","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:11,8360017","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\lsm.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8376484","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\lsm.exe","SUCCESS","CreationTime: 21.11.2010 05:23:53, LastAccessTime: 21.11.2010 05:23:53, LastWriteTime: 21.11.2010 05:23:53, ChangeTime: 11.05.2013 14:07:12, FileAttributes: A"
"12:27:11,8379279","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\lsm.exe","SUCCESS",""
"12:27:11,8386915","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8392504","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,8396530","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,8411393","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8416636","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:11,8420653","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,8461653","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8467993","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nsiproxy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,8468441","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\lsm.exe","SUCCESS","Filter: lsm.exe, 1: lsm.exe"
"12:27:11,8473610","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:11,8503335","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8516957","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:11,8519397","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:11,8527434","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8532990","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,8537030","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,8551483","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8556693","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:11,8560701","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,8575171","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8580350","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:11,8584361","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:11,8611656","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8627746","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:11,8633988","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:11,8644419","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8651188","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,8656020","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,8672875","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8678478","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:11,8682518","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,8698938","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8704159","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:11,8708553","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:11,8739505","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\atiesrxx.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8745481","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\atiesrxx.exe","SUCCESS","CreationTime: 29.09.2011 11:50:12, LastAccessTime: 11.05.2013 13:23:48, LastWriteTime: 29.09.2011 11:50:12, ChangeTime: 22.09.2013 09:54:10, FileAttributes: A"
"12:27:11,8747907","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\atiesrxx.exe","SUCCESS",""
"12:27:11,8755133","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8760288","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,8764309","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,8779578","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8784784","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:11,8788791","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,8804428","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8809322","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\atiesrxx.exe","SUCCESS","Filter: atiesrxx.exe, 1: atiesrxx.exe"
"12:27:11,8813674","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:11,8843791","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\winlogon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8857063","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\winlogon.exe","SUCCESS","CreationTime: 21.11.2010 05:24:29, LastAccessTime: 21.11.2010 05:24:29, LastWriteTime: 21.11.2010 05:24:29, ChangeTime: 11.05.2013 14:07:46, FileAttributes: A"
"12:27:11,8861817","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\winlogon.exe","SUCCESS",""
"12:27:11,8872630","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8880626","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,8885851","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,8905883","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8912768","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:11,8917186","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,8934801","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8940049","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\winlogon.exe","SUCCESS","Filter: winlogon.exe, 1: winlogon.exe"
"12:27:11,8945656","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:11,8981316","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,8995012","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:11,8997778","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:11,9009884","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9015860","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,9020725","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,9037599","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9043533","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:11,9047232","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,9062846","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9068043","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:11,9072068","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:11,9099737","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9112220","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:11,9114963","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:11,9116255","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:11,9120319","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:11,9122203","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9123523","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:11,9125935","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:11,9127400","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,9127913","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:11,9129569","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:11,9131081","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,9131916","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:11,9145454","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9150291","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:11,9153939","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,9166455","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:11,9168713","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9172081","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:11,9173938","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:11,9177959","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:11,9204867","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9205613","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:11,9217337","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:11,9220075","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:11,9226508","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,9227767","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9232097","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.440.078, Length: 16.200"
"12:27:11,9232941","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,9236967","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,9251802","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9252585","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,9257381","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\mssmbios.sys","NO SUCH FILE","Filter: mssmbios.sys"
"12:27:11,9260222","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:11,9260754","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:11,9267938","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,9276260","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,9280239","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Filter: mssmbios.sys, 1: mssmbios.sys"
"12:27:11,9283901","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:11,9292863","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9303173","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:11,9310357","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,9310417","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:11,9315964","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:11,9317970","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,9324813","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,9328783","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,9332026","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:11,9346543","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9359684","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,9361401","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:11,9363286","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:11,9364928","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:11,9364979","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:11,9371328","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,9373017","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9374944","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,9378946","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:11,9378988","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,9383844","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,9397788","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:11,9399915","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9401800","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:11,9405532","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:11,9406232","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,9410342","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,9425932","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9431152","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:11,9434329","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 20.104, Length: 4.096"
"12:27:11,9435187","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:11,9439908","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:11,9456390","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 19.464, Length: 4.096"
"12:27:11,9462851","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM\stacsv64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9468108","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\IDT\WDM\stacsv64.exe","SUCCESS","CreationTime: 22.07.2013 21:33:32, LastAccessTime: 22.07.2013 21:33:32, LastWriteTime: 16.05.2013 03:14:56, ChangeTime: 22.07.2013 21:33:32, FileAttributes: N"
"12:27:11,9470525","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM\stacsv64.exe","SUCCESS",""
"12:27:11,9473608","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,9485359","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9490561","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT","SUCCESS","Filter: IDT, 1: IDT"
"12:27:11,9494549","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:11,9508624","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9513741","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 25.088, Length: 7.232"
"12:27:11,9513807","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM","SUCCESS","Filter: WDM, 1: WDM"
"12:27:11,9517804","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT","SUCCESS",""
"12:27:11,9519349","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 19.456, Length: 4.096"
"12:27:11,9524205","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 11.776, Length: 4.096"
"12:27:11,9532709","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9537850","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM\STacSV64.exe","SUCCESS","Filter: STacSV64.exe, 1: stacsv64.exe"
"12:27:11,9541451","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 25.088, Length: 4.096"
"12:27:11,9541531","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM","SUCCESS",""
"12:27:11,9547026","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 22.016, Length: 4.096"
"12:27:11,9556253","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,9571890","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 25.088, Length: 4.096"
"12:27:11,9577232","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9593191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 29.184, Length: 3.136"
"12:27:11,9593252","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:11,9596037","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:11,9598817","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:11,9603286","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9608492","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,9612163","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,9628174","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9633380","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:11,9637368","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,9651830","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9656164","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,9657031","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:11,9661034","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:11,9661356","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 4.096, Length: 20.992"
"12:27:11,9688702","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\hpservice.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9693941","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\hpservice.exe","SUCCESS","CreationTime: 25.04.2012 14:02:52, LastAccessTime: 11.05.2013 13:48:04, LastWriteTime: 25.04.2012 14:02:52, ChangeTime: 11.05.2013 13:48:05, FileAttributes: A"
"12:27:11,9696273","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 26.460, Length: 4.096"
"12:27:11,9696357","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\hpservice.exe","SUCCESS",""
"12:27:11,9703215","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9708039","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,9711985","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,9733299","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9740927","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:11,9746170","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:11,9760086","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 20.104, Length: 4.096"
"12:27:11,9762512","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,9769351","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 13.824, Length: 4.096"
"12:27:11,9772555","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 20.104, Length: 4.096"
"12:27:11,9777057","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9783000","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS","CreationTime: 16.12.2012 13:25:38, LastAccessTime: 13.05.2013 10:47:49, LastWriteTime: 16.12.2012 13:25:38, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:11,9785440","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS",""
"12:27:11,9807058","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 25.088, Length: 4.096"
"12:27:11,9812539","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9818613","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS","Filter: SbieSvc.exe, 1: SbieSvc.exe"
"12:27:11,9828993","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie","SUCCESS",""
"12:27:11,9877677","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 24.064, Length: 4.096"
"12:27:11,9878703","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9884389","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe","SUCCESS","CreationTime: 03.08.2013 09:34:58, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 03.08.2013 09:34:58, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:11,9887146","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe","SUCCESS",""
"12:27:11,9902424","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9908433","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:11,9912823","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:11,9953371","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\atieclxx.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9959053","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\atieclxx.exe","SUCCESS","CreationTime: 29.09.2011 11:50:36, LastAccessTime: 11.05.2013 13:23:48, LastWriteTime: 29.09.2011 11:50:36, ChangeTime: 22.09.2013 09:54:10, FileAttributes: A"
"12:27:11,9961054","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mssmbios.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:11,9961833","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\atieclxx.exe","SUCCESS",""
"12:27:11,9969069","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9974270","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:11,9978277","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:11,9992720","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:11,9997922","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:12,0001929","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,0016414","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0022436","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\atieclxx.exe","SUCCESS","Filter: atieclxx.exe, 1: atieclxx.exe"
"12:27:12,0028039","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,0067262","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0090060","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:12,0093302","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:12,0101736","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0107717","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,0112125","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,0139028","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0145895","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:12,0151050","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,0168348","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0173941","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:12,0178354","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,0209675","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wlanext.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0226940","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wlanext.exe","SUCCESS","CreationTime: 14.07.2009 02:07:15, LastAccessTime: 14.07.2009 02:07:15, LastWriteTime: 14.07.2009 03:39:54, ChangeTime: 11.05.2013 14:07:46, FileAttributes: A"
"12:27:12,0231363","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wlanext.exe","SUCCESS",""
"12:27:12,0244145","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0250261","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,0250960","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,0254664","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,0255807","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,0257431","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:12,0259833","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:12,0261485","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:12,0263458","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:12,0265483","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:12,0272615","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0277882","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:12,0281917","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,0296817","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mssmbios.sys.mui","SUCCESS","Offset: 0, Length: 3.072, I/O Flags: Synchronous"
"12:27:12,0297503","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0302369","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mssmbios.sys.mui","SUCCESS","Offset: 0, Length: 3.072, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:12,0303138","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\WLANExt.exe","SUCCESS","Filter: WLANExt.exe, 1: wlanext.exe"
"12:27:12,0309516","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,0318589","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mssmbios.sys.mui","SUCCESS","Offset: 184, Length: 2.888"
"12:27:12,0337062","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mssmbios.sys.mui","SUCCESS","Offset: 0, Length: 3.072"
"12:27:12,0342726","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 216.654, Length: 16.200"
"12:27:12,0344886","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\conhost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0358932","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\conhost.exe","SUCCESS","CreationTime: 12.09.2013 20:28:20, LastAccessTime: 12.09.2013 20:28:20, LastWriteTime: 02.08.2013 03:09:17, ChangeTime: 12.09.2013 21:03:53, FileAttributes: A"
"12:27:12,0361680","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\conhost.exe","SUCCESS",""
"12:27:12,0363121","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,0367987","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\mssmbios.sys.mui","NO SUCH FILE","Filter: mssmbios.sys.mui"
"12:27:12,0368976","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0371607","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:12,0374527","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,0378534","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,0388037","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,0392044","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\mssmbios.sys.mui","SUCCESS","Filter: mssmbios.sys.mui, 1: mssmbios.sys.mui"
"12:27:12,0393383","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0396047","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:12,0398594","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:12,0402274","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,0418700","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0423332","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,0425865","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\conhost.exe","SUCCESS","Filter: conhost.exe, 1: conhost.exe"
"12:27:12,0428940","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:12,0430302","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,0430964","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,0437724","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,0441376","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,0444605","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:12,0459220","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\spoolsv.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0473061","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,0473612","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\spoolsv.exe","SUCCESS","CreationTime: 11.05.2013 14:07:36, LastAccessTime: 11.05.2013 14:07:36, LastWriteTime: 11.02.2012 08:36:02, ChangeTime: 11.05.2013 14:55:02, FileAttributes: A"
"12:27:12,0476028","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\spoolsv.exe","SUCCESS",""
"12:27:12,0476653","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:12,0478319","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:12,0484080","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0484738","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,0488707","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,0492356","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:12,0494590","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,0501065","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,0507172","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,0510824","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:12,0514379","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,0523527","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0529913","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:12,0534299","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,0549954","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0555174","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\spoolsv.exe","SUCCESS","Filter: spoolsv.exe, 1: spoolsv.exe"
"12:27:12,0559224","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,0588902","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0602160","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:12,0604927","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:12,0612153","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0617345","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,0621389","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,0640656","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0647863","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:12,0653466","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,0671156","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0676385","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:12,0680733","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,0713271","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0718855","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:46:52, ChangeTime: 05.08.2013 09:19:04, FileAttributes: ANCI"
"12:27:12,0721715","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS",""
"12:27:12,0755774","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0762972","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS","CreationTime: 10.05.2013 00:57:24, LastAccessTime: 30.06.2013 18:43:15, LastWriteTime: 10.05.2013 00:57:24, ChangeTime: 30.06.2013 18:43:15, FileAttributes: A"
"12:27:12,0766238","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS",""
"12:27:12,0784702","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0790286","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe","SUCCESS","Filter: Adobe, 1: Adobe"
"12:27:12,0794316","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files","SUCCESS",""
"12:27:12,0809100","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0813984","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe\ARM","SUCCESS","Filter: ARM, 1: ARM"
"12:27:12,0817977","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe","SUCCESS",""
"12:27:12,0843943","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe\ARM","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0850376","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0","SUCCESS","Filter: 1.0, 1: 1.0"
"12:27:12,0854803","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe\ARM","SUCCESS",""
"12:27:12,0879522","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0886763","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS","Filter: armsvc.exe, 1: armsvc.exe"
"12:27:12,0891554","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0","SUCCESS",""
"12:27:12,0950981","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Intel\iCLS Client\HeciServer.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0956961","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Intel\iCLS Client\HeciServer.exe","SUCCESS","CreationTime: 13.02.2013 12:46:48, LastAccessTime: 11.05.2013 13:22:57, LastWriteTime: 13.02.2013 12:46:48, ChangeTime: 15.05.2013 16:19:51, FileAttributes: ANCI"
"12:27:12,0959406","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Intel\iCLS Client\HeciServer.exe","SUCCESS",""
"12:27:12,0975010","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,0980226","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:12,0984261","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:12,1037167","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1042816","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe","SUCCESS","CreationTime: 03.08.2013 09:35:05, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 03.08.2013 09:35:05, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:12,1045261","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe","SUCCESS",""
"12:27:12,1061280","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1066500","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:12,1070904","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:12,1099776","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1105420","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS","CreationTime: 25.07.2012 10:46:42, LastAccessTime: 15.06.2013 07:13:50, LastWriteTime: 25.07.2012 10:46:42, ChangeTime: 15.06.2013 07:13:50, FileAttributes: ANCI"
"12:27:12,1107860","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS",""
"12:27:12,1127010","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1138318","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Secunia","SUCCESS","Filter: Secunia, 1: Secunia"
"12:27:12,1143963","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:12,1164395","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Secunia","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1171230","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Secunia\PSI","SUCCESS","Filter: PSI, 1: PSI"
"12:27:12,1176426","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Secunia","SUCCESS",""
"12:27:12,1194900","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Secunia\PSI","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1201323","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS","Filter: sua.exe, 1: sua.exe"
"12:27:12,1206516","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Secunia\PSI","SUCCESS",""
"12:27:12,1245011","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\taskhost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1261101","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\taskhost.exe","SUCCESS","CreationTime: 11.05.2013 14:09:45, LastAccessTime: 11.05.2013 14:09:45, LastWriteTime: 23.11.2012 05:13:57, ChangeTime: 11.05.2013 14:55:03, FileAttributes: A"
"12:27:12,1264721","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\taskhost.exe","SUCCESS",""
"12:27:12,1285172","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1292804","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,1299190","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,1319665","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1340942","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:12,1348514","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,1369021","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1376191","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\taskhost.exe","SUCCESS","Filter: taskhost.exe, 1: taskhost.exe"
"12:27:12,1382591","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,1520549","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,1524599","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,1529385","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:12,1532664","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:12,1537451","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:12,1540264","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:12,1542708","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1543436","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:12,1553503","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS","CreationTime: 03.08.2013 09:35:27, LastAccessTime: 03.08.2013 09:36:29, LastWriteTime: 03.08.2013 09:35:27, ChangeTime: 03.08.2013 09:36:29, FileAttributes: A"
"12:27:12,1557174","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS",""
"12:27:12,1578405","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1584786","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:12,1585645","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:12,1590384","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:12,1592031","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:12,1608825","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:12,1634352","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,1640384","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.238.226, Length: 16.200"
"12:27:12,1647055","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1658176","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS","Filter: ALsvc.exe, 1: ALsvc.exe"
"12:27:12,1658652","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,1660434","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,1662272","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,1664856","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\discache.sys","NO SUCH FILE","Filter: discache.sys"
"12:27:12,1665010","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS",""
"12:27:12,1665094","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:12,1668463","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:12,1669470","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:12,1672274","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,1675133","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,1678730","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:12,1681529","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:12,1684757","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:12,1687151","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,1689315","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,1689567","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:12,1692324","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:12,1693742","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\discache.sys","SUCCESS","Filter: discache.sys, 1: discache.sys"
"12:27:12,1698132","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:12,1707924","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\dwm.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1727214","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\dwm.exe","SUCCESS","CreationTime: 14.07.2009 01:37:38, LastAccessTime: 14.07.2009 01:37:38, LastWriteTime: 14.07.2009 03:39:08, ChangeTime: 11.05.2013 14:07:03, FileAttributes: A"
"12:27:12,1729038","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,1731258","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\dwm.exe","SUCCESS",""
"12:27:12,1734673","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:12,1736688","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,1742473","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1748491","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,1750049","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,1753379","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,1755698","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,1758124","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:12,1784551","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1791437","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:12,1793438","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,1796237","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,1797856","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:12,1800300","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:12,1807932","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,1811953","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,1813880","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1815536","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:12,1819483","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\Dwm.exe","SUCCESS","Filter: Dwm.exe, 1: dwm.exe"
"12:27:12,1825118","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,1831145","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,1834807","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:12,1838352","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,1854022","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\explorer.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1859611","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\explorer.exe","SUCCESS","CreationTime: 11.05.2013 14:10:50, LastAccessTime: 11.05.2013 17:21:33, LastWriteTime: 25.02.2011 08:19:30, ChangeTime: 12.05.2013 08:15:45, FileAttributes: A"
"12:27:12,1862027","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\explorer.exe","SUCCESS",""
"12:27:12,1866058","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 35.428, Length: 4.096"
"12:27:12,1869244","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1871670","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:12,1874814","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,1878495","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,1892914","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1897771","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\Explorer.EXE","SUCCESS","Filter: Explorer.EXE, 1: explorer.exe"
"12:27:12,1901750","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,1904236","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,1946762","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 35.328, Length: 4.096"
"12:27:12,1951899","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 30.208, Length: 4.096"
"12:27:12,1955878","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1961112","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe","SUCCESS","CreationTime: 12.11.2012 18:00:09, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 12.11.2012 18:00:09, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:12,1963528","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe","SUCCESS",""
"12:27:12,1977999","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,1978382","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 38.400, Length: 2.048"
"12:27:12,1983159","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:12,1986825","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:12,1987283","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,2030149","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2035724","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe","SUCCESS","CreationTime: 11.02.2012 08:55:04, LastAccessTime: 10.08.2013 18:00:11, LastWriteTime: 11.02.2012 08:55:04, ChangeTime: 10.08.2013 18:00:11, FileAttributes: ANCI"
"12:27:12,2038131","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe","SUCCESS",""
"12:27:12,2046211","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 35.428, Length: 4.096"
"12:27:12,2048669","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,2054221","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft SQL Server","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2055891","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 33.280, Length: 4.096"
"12:27:12,2059450","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Microsoft SQL Server\90","SUCCESS","Filter: 90, 1: 90"
"12:27:12,2063411","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft SQL Server","SUCCESS",""
"12:27:12,2068486","SynTPEnh.exe","3172","ReadFile","C:\Windows\System32\SynCOM.dll","SUCCESS","Offset: 901.120, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:12,2077462","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft SQL Server\90","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2080555","SynTPEnh.exe","3172","ReadFile","C:\Windows\System32\SynCOM.dll","SUCCESS","Offset: 884.736, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:12,2082295","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Microsoft SQL Server\90\Shared","SUCCESS","Filter: Shared, 1: Shared"
"12:27:12,2085896","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft SQL Server\90","SUCCESS",""
"12:27:12,2105578","SynTPEnh.exe","3172","ReadFile","C:\Windows\System32\SynCOM.dll","SUCCESS","Offset: 814.592, Length: 16.384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:12,2113210","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2118504","SynTPEnh.exe","3172","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Control Panel\Desktop","SUCCESS","Desired Access: Read"
"12:27:12,2125297","SynTPEnh.exe","3172","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\WheelScrollLines","NAME NOT FOUND","Length: 16"
"12:27:12,2128021","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:12,2128529","SynTPEnh.exe","3172","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop","SUCCESS",""
"12:27:12,2130461","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:12,2131762","SynTPEnh.exe","3172","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"12:27:12,2138839","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2146112","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,2152050","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,2165966","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 39.936, Length: 512"
"12:27:12,2171368","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2178207","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:12,2184164","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,2199060","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2204228","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:12,2208231","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,2244655","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\discache.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,2262420","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2268820","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe","SUCCESS","CreationTime: 03.08.2013 09:35:07, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 03.08.2013 09:35:07, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:12,2271269","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe","SUCCESS",""
"12:27:12,2287695","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2293283","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:12,2297300","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:12,2327776","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2333034","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS","CreationTime: 14.09.2012 15:09:22, LastAccessTime: 18.11.2012 10:45:57, LastWriteTime: 14.09.2012 15:09:22, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:12,2335441","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS",""
"12:27:12,2350243","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2355085","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Synaptics\SynTP","SUCCESS","Filter: SynTP, 1: SynTP"
"12:27:12,2358705","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics","SUCCESS",""
"12:27:12,2372775","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics\SynTP","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2377589","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS","Filter: SynTPEnh.exe, 1: SynTPEnh.exe"
"12:27:12,2381550","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics\SynTP","SUCCESS",""
"12:27:12,2418114","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2425335","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe","SUCCESS","CreationTime: 19.08.2009 16:31:40, LastAccessTime: 11.05.2013 13:45:36, LastWriteTime: 19.08.2009 16:31:40, ChangeTime: 15.05.2013 16:19:50, FileAttributes: ANCI"
"12:27:12,2428106","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe","SUCCESS",""
"12:27:12,2457417","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2462646","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS","CreationTime: 22.07.2013 21:33:32, LastAccessTime: 22.07.2013 21:33:32, LastWriteTime: 16.05.2013 03:14:56, ChangeTime: 22.07.2013 21:33:32, FileAttributes: N"
"12:27:12,2465048","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS",""
"12:27:12,2480233","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2485075","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT","SUCCESS","Filter: IDT, 1: IDT"
"12:27:12,2488737","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:12,2503138","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2507980","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM","SUCCESS","Filter: WDM, 1: WDM"
"12:27:12,2511605","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT","SUCCESS",""
"12:27:12,2529626","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2536432","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS","Filter: sttray64.exe, 1: sttray64.exe"
"12:27:12,2541662","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM","SUCCESS",""
"12:27:12,2578963","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2584594","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:49:08, ChangeTime: 05.08.2013 09:19:04, FileAttributes: ANCI"
"12:27:12,2588176","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS",""
"12:27:12,2616675","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\igfxpers.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2623085","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\igfxpers.exe","SUCCESS","CreationTime: 09.08.2011 09:03:00, LastAccessTime: 11.05.2013 13:23:49, LastWriteTime: 09.08.2011 09:03:00, ChangeTime: 22.09.2013 09:54:27, FileAttributes: A"
"12:27:12,2626714","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\igfxpers.exe","SUCCESS",""
"12:27:12,2635139","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2640354","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,2644343","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,2659234","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2664445","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:12,2668456","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,2683300","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2688469","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\igfxpers.exe","SUCCESS","Filter: igfxpers.exe, 1: igfxpers.exe"
"12:27:12,2692481","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,2720182","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2733407","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","CreationTime: 21.11.2010 05:24:15, LastAccessTime: 21.11.2010 05:24:15, LastWriteTime: 21.11.2010 05:24:15, ChangeTime: 11.05.2013 14:09:02, FileAttributes: A"
"12:27:12,2735838","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS",""
"12:27:12,2742658","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2748298","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,2752254","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,2767084","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2771968","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:12,2776367","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,2790833","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2795648","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem","SUCCESS","Filter: wbem, 1: wbem"
"12:27:12,2799655","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,2815684","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2820493","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem\wmiprvse.exe","SUCCESS","Filter: wmiprvse.exe, 1: WmiPrvSE.exe"
"12:27:12,2825723","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem","SUCCESS",""
"12:27:12,2854553","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2867442","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:12,2869858","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:12,2876674","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2881488","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,2885108","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,2899061","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,2899127","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2903432","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,2903955","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:12,2905877","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:12,2907589","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,2908307","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:12,2910304","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:12,2912273","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:12,2914288","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:12,2934562","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2941023","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:12,2945861","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,2950782","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:12,2955578","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:12,2973375","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:12,2977900","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,2983932","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS","CreationTime: 16.09.2011 14:39:24, LastAccessTime: 11.05.2013 13:36:02, LastWriteTime: 16.09.2011 14:39:24, ChangeTime: 11.05.2013 13:36:02, FileAttributes: A"
"12:27:12,2986381","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS",""
"12:27:12,3004976","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,3008012","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3011012","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 375.738, Length: 16.200"
"12:27:12,3013251","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS","Filter: nusb3mon.exe, 1: nusb3mon.exe"
"12:27:12,3017291","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application","SUCCESS",""
"12:27:12,3035802","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,3041069","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\csc.sys","NO SUCH FILE","Filter: csc.sys"
"12:27:12,3045053","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:12,3058749","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3064356","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,3066712","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS","CreationTime: 03.08.2013 09:35:27, LastAccessTime: 03.08.2013 09:36:30, LastWriteTime: 03.08.2013 09:35:27, ChangeTime: 03.08.2013 09:36:30, FileAttributes: A"
"12:27:12,3069161","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\csc.sys","SUCCESS","Filter: csc.sys, 1: csc.sys"
"12:27:12,3070775","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS",""
"12:27:12,3075823","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:12,3087961","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3093256","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:12,3097641","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:12,3109551","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,3115517","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:12,3117547","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,3120122","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3125608","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,3128523","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS","Filter: ALMon.exe, 1: ALMon.exe"
"12:27:12,3133249","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,3133785","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS",""
"12:27:12,3138455","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:12,3163870","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3169487","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS","CreationTime: 05.11.2012 16:14:34, LastAccessTime: 11.05.2013 13:47:14, LastWriteTime: 05.11.2012 16:14:34, ChangeTime: 11.05.2013 13:47:14, FileAttributes: A"
"12:27:12,3171749","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,3174805","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS",""
"12:27:12,3175365","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:12,3177011","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:12,3183790","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,3187438","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,3191025","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:12,3198055","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Hewlett-Packard","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3204124","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Hewlett-Packard\Shared","SUCCESS","Filter: Shared, 1: Shared"
"12:27:12,3205421","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,3208920","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Hewlett-Packard","SUCCESS",""
"12:27:12,3209097","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:12,3212671","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,3225765","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Hewlett-Packard\Shared","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3230999","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS","Filter: hpqWmiEx.exe, 1: hpqWmiEx.exe"
"12:27:12,3235347","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Hewlett-Packard\Shared","SUCCESS",""
"12:27:12,3241561","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 501.760, Length: 4.096"
"12:27:12,3245965","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 499.712, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:12,3261700","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:12,3264261","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3277141","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","CreationTime: 21.11.2010 05:24:15, LastAccessTime: 21.11.2010 05:24:15, LastWriteTime: 21.11.2010 05:24:15, ChangeTime: 11.05.2013 14:09:02, FileAttributes: A"
"12:27:12,3279889","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS",""
"12:27:12,3282538","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 496.648, Length: 4.096"
"12:27:12,3285836","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 495.616, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:12,3287138","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3292353","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,3296370","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,3310785","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3312474","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,3316000","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:12,3319686","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,3334912","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3340090","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem","SUCCESS","Filter: wbem, 1: wbem"
"12:27:12,3344144","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,3357006","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 500.736, Length: 4.096"
"12:27:12,3359399","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3361801","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 506.880, Length: 4.096"
"12:27:12,3364586","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem\wmiprvse.exe","SUCCESS","Filter: wmiprvse.exe, 1: WmiPrvSE.exe"
"12:27:12,3365407","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 507.904, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:12,3368575","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem","SUCCESS",""
"12:27:12,3378297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 502.784, Length: 4.096"
"12:27:12,3383550","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 174.592, Length: 4.096"
"12:27:12,3387902","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 172.032, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:12,3408358","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics\SynTP\SynTPHelper.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3417977","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Synaptics\SynTP\SynTPHelper.exe","SUCCESS","CreationTime: 14.09.2012 15:09:22, LastAccessTime: 18.11.2012 10:45:57, LastWriteTime: 14.09.2012 15:09:22, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:12,3422059","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 510.976, Length: 3.584"
"12:27:12,3425642","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics\SynTP\SynTPHelper.exe","SUCCESS",""
"12:27:12,3426076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 512.000, Length: 2.560, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:12,3436437","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 508.928, Length: 4.096"
"12:27:12,3451729","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3460140","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Synaptics\SYNTP","SUCCESS","Filter: SYNTP, 1: SynTP"
"12:27:12,3466148","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics","SUCCESS",""
"12:27:12,3474587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 176.640, Length: 4.096"
"12:27:12,3478552","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 180.224, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:12,3503473","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 511.488, Length: 3.072"
"12:27:12,3514328","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,3545117","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3551933","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe","SUCCESS","CreationTime: 23.04.2013 18:59:50, LastAccessTime: 22.07.2013 21:33:15, LastWriteTime: 23.04.2013 18:59:50, ChangeTime: 22.07.2013 21:33:15, FileAttributes: ANCI"
"12:27:12,3555068","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe","SUCCESS",""
"12:27:12,3571544","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3576788","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:12,3581192","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:12,3589304","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 501.760, Length: 4.096"
"12:27:12,3592131","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,3599744","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 194.560, Length: 4.096"
"12:27:12,3602599","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 192.512, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:12,3616464","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 501.760, Length: 4.096"
"12:27:12,3625733","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,3631704","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3634494","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:12,3638972","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe","SUCCESS","CreationTime: 23.04.2013 18:59:48, LastAccessTime: 22.07.2013 21:33:16, LastWriteTime: 23.04.2013 18:59:48, ChangeTime: 22.07.2013 21:33:16, FileAttributes: ANCI"
"12:27:12,3641795","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:12,3642942","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe","SUCCESS",""
"12:27:12,3649403","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:12,3656648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:12,3664210","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:12,3664606","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3671408","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:12,3671483","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:12,3677440","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:12,3678294","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:12,3685492","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:12,3692690","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:12,3699925","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:12,3707151","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:12,3714363","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3714387","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:12,3722009","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:12,3723983","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS","CreationTime: 11.05.2013 13:36:13, LastAccessTime: 11.05.2013 13:36:13, LastWriteTime: 24.07.2012 20:00:08, ChangeTime: 11.05.2013 13:36:13, FileAttributes: ANCI"
"12:27:12,3728013","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS",""
"12:27:12,3729226","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:12,3736807","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:12,3744075","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:12,3748520","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3751319","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:12,3755719","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Realtek","SUCCESS","Filter: Realtek, 1: Realtek"
"12:27:12,3758522","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:12,3761354","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:12,3765730","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:12,3772951","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:12,3780191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:12,3787795","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:12,3790589","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3795026","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:12,3797410","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS","Filter: RIconMan.exe, 1: RIconMan.exe"
"12:27:12,3802219","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:12,3802998","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader","SUCCESS",""
"12:27:12,3809081","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:12,3816242","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:12,3823897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:12,3831124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:12,3838378","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:12,3845599","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:12,3853194","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:12,3857593","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3860424","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:12,3867100","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe","SUCCESS","CreationTime: 11.05.2013 13:23:00, LastAccessTime: 11.05.2013 13:23:00, LastWriteTime: 12.03.2013 13:20:32, ChangeTime: 11.05.2013 09:36:10, FileAttributes: A"
"12:27:12,3867590","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:12,3872087","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe","SUCCESS",""
"12:27:12,3874835","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:12,3881711","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:12,3889254","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:12,3893317","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3896485","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:12,3900525","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:12,3903711","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:12,3906155","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:12,3907326","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,3910928","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976222, endtime: 976222, seqnum: 0, connid: 0"
"12:27:12,3914954","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:12,3922236","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:12,3927377","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,3929354","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,3929854","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:12,3930558","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,3932135","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976222, endtime: 976222, seqnum: 0, connid: 0"
"12:27:12,3937402","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:12,3937803","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,3944222","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:12,3946867","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL","SUCCESS","Filter: DAL, 1: DAL"
"12:27:12,3950706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:12,3954699","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS",""
"12:27:12,3957881","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:12,3964342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:12,3970766","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:12,3977605","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:12,3984345","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.878.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,3984429","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:12,3987569","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.878.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,3989957","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.878.499, Length: 1.460"
"12:27:12,3991240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:12,3993601","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.879.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,3998410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:12,4002017","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4005637","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:12,4009658","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS","CreationTime: 11.05.2013 13:22:45, LastAccessTime: 11.05.2013 13:22:45, LastWriteTime: 12.03.2013 13:20:34, ChangeTime: 11.05.2013 09:36:10, FileAttributes: A"
"12:27:12,4012858","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:12,4013301","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS",""
"12:27:12,4017985","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.879.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4020784","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.879.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4023149","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.879.959, Length: 4.380"
"12:27:12,4024091","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:12,4026377","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.884.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4031686","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:12,4037736","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4038921","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:12,4044603","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:12,4045793","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:12,4051755","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:12,4053243","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:12,4056994","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:12,4062638","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:12,4067872","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:12,4073074","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:12,4079885","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:12,4081769","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4085893","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:12,4087806","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS","SUCCESS","Filter: LMS, 1: LMS"
"12:27:12,4092186","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS",""
"12:27:12,4092280","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:12,4097528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:12,4102748","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:12,4107786","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4108337","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:12,4113048","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS","Filter: LMS.exe, 1: LMS.exe"
"12:27:12,4113557","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:12,4117438","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS","SUCCESS",""
"12:27:12,4118763","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:12,4125574","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:12,4131610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:12,4136868","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:12,4142433","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:12,4147709","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:12,4152785","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Internet Explorer\ielowutil.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4154235","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:12,4158816","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Internet Explorer\ielowutil.exe","SUCCESS","CreationTime: 11.05.2013 15:01:08, LastAccessTime: 11.05.2013 15:01:08, LastWriteTime: 11.05.2013 15:01:08, ChangeTime: 11.05.2013 15:05:08, FileAttributes: A"
"12:27:12,4162007","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Internet Explorer\ielowutil.exe","SUCCESS",""
"12:27:12,4163015","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:12,4168674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:12,4174234","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:12,4179459","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:12,4184665","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:12,4189885","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:12,4195091","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:12,4200293","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:12,4201338","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4205191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:12,4206913","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe","SUCCESS","CreationTime: 13.05.2013 16:08:26, LastAccessTime: 15.09.2013 13:17:55, LastWriteTime: 22.07.2013 00:25:30, ChangeTime: 15.09.2013 13:17:55, FileAttributes: ANCI"
"12:27:12,4209315","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe","SUCCESS",""
"12:27:12,4210402","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:12,4215939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:12,4221225","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:12,4228036","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:12,4233382","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4234795","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 368.640, Length: 4.096"
"12:27:12,4236246","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4238686","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976222, endtime: 976222, seqnum: 0, connid: 0"
"12:27:12,4242101","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 372.736, Length: 4.096"
"12:27:12,4249080","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4250078","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 376.832, Length: 4.096"
"12:27:12,4255494","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4257938","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4259874","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4260495","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 380.928, Length: 4.096"
"12:27:12,4261922","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976222, endtime: 976222, seqnum: 0, connid: 0"
"12:27:12,4268173","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 385.024, Length: 4.096"
"12:27:12,4271145","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:12,4277788","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:12,4279183","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 389.120, Length: 4.096"
"12:27:12,4286418","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 393.216, Length: 4.096"
"12:27:12,4288210","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4292800","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 397.312, Length: 4.096"
"12:27:12,4295034","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,4298417","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 401.408, Length: 4.096"
"12:27:12,4299867","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,4303651","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 405.504, Length: 4.096"
"12:27:12,4308875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 409.600, Length: 4.096"
"12:27:12,4314091","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 413.696, Length: 4.096"
"12:27:12,4317842","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4320468","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 417.792, Length: 4.096"
"12:27:12,4326313","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:12,4328538","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 421.888, Length: 4.096"
"12:27:12,4331930","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,4334911","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 425.984, Length: 4.096"
"12:27:12,4340131","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 430.080, Length: 4.096"
"12:27:12,4345025","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 434.176, Length: 4.096"
"12:27:12,4350240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 438.272, Length: 4.096"
"12:27:12,4351220","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4355446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 442.368, Length: 4.096"
"12:27:12,4358007","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:12,4360648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 446.464, Length: 4.096"
"12:27:12,4363601","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,4365868","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 450.560, Length: 4.096"
"12:27:12,4371069","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 454.656, Length: 4.096"
"12:27:12,4376275","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 458.752, Length: 4.096"
"12:27:12,4381486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 462.848, Length: 4.096"
"12:27:12,4387523","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 466.944, Length: 4.096"
"12:27:12,4388488","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.884.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4391726","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.884.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4393569","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 471.040, Length: 4.096"
"12:27:12,4394483","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.884.339, Length: 2.920"
"12:27:12,4397748","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.887.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4398103","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4399964","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 475.136, Length: 4.096"
"12:27:12,4404172","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS","CreationTime: 20.06.2012 18:14:18, LastAccessTime: 11.05.2013 14:43:43, LastWriteTime: 20.06.2012 18:14:18, ChangeTime: 11.05.2013 14:43:53, FileAttributes: A"
"12:27:12,4405544","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 479.232, Length: 4.096"
"12:27:12,4406966","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS",""
"12:27:12,4411566","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 483.328, Length: 4.096"
"12:27:12,4417603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 487.424, Length: 4.096"
"12:27:12,4420621","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.887.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4424232","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.887.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4425239","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 491.520, Length: 4.096"
"12:27:12,4426634","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.887.259, Length: 2.920"
"12:27:12,4432017","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.890.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4432461","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4432839","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 495.616, Length: 4.096"
"12:27:12,4440027","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 499.712, Length: 4.096"
"12:27:12,4440890","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Winamp","SUCCESS","Filter: Winamp, 1: Winamp"
"12:27:12,4446899","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 503.808, Length: 4.096"
"12:27:12,4447645","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:12,4454465","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 507.904, Length: 4.096"
"12:27:12,4461360","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 512.000, Length: 2.560"
"12:27:12,4467513","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.890.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4469365","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Winamp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4470667","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.890.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4472701","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.890.179, Length: 1.460"
"12:27:12,4475887","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.891.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4476559","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS","Filter: winamp.exe, 1: winamp.exe"
"12:27:12,4482194","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Winamp","SUCCESS",""
"12:27:12,4485031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 501.760, Length: 4.096"
"12:27:12,4491827","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,4497453","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:12,4503047","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:12,4508290","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:12,4513846","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:12,4519104","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:12,4521497","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4524706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:12,4529143","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS","CreationTime: 01.10.2013 13:42:31, LastAccessTime: 01.10.2013 13:42:43, LastWriteTime: 01.10.2013 13:42:43, ChangeTime: 05.10.2013 09:23:33, FileAttributes: A"
"12:27:12,4531139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:12,4533117","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS",""
"12:27:12,4536383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:12,4541925","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:12,4547187","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:12,4549916","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4552748","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4552776","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:12,4554012","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Mozilla Firefox","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4554800","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976222, endtime: 976222, seqnum: 0, connid: 0"
"12:27:12,4558010","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:12,4560855","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS","Filter: firefox.exe, 1: firefox.exe"
"12:27:12,4563253","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:12,4566444","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Mozilla Firefox","SUCCESS",""
"12:27:12,4566785","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4568809","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:12,4569168","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4571226","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976222, endtime: 976222, seqnum: 0, connid: 0"
"12:27:12,4573306","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:12,4578041","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:12,4582496","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:12,4583649","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4585664","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4586942","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:12,4587684","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976222, endtime: 976222, seqnum: 0, connid: 0"
"12:27:12,4591346","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:12,4595759","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:12,4600167","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:12,4604576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:12,4608994","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:12,4613402","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:12,4617820","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:12,4623007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:12,4629818","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:12,4631045","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:12,4634665","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:12,4636638","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:12,4637012","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4637497","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:12,4641462","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:12,4642264","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:12,4647195","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe","SUCCESS","CreationTime: 06.11.2012 09:18:34, LastAccessTime: 11.05.2013 13:42:02, LastWriteTime: 06.11.2012 09:18:34, ChangeTime: 11.05.2013 13:42:02, FileAttributes: A"
"12:27:12,4647886","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:12,4650433","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe","SUCCESS",""
"12:27:12,4651758","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:12,4653470","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:12,4658662","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:12,4663933","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:12,4669107","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:12,4670478","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4670586","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.891.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4673389","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.891.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4673580","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:12,4675787","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.891.639, Length: 2.920"
"12:27:12,4678605","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:12,4679150","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:12,4679762","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.894.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4684338","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:12,4686176","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:12,4689628","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:12,4695170","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:12,4699607","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:12,4704015","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:12,4707038","Windows7FirewallService.exe","2128","QueryOpen","D:\Progs\Firefox 19.0.2 portable\Firefox\firefox.exe","SUCCESS","CreationTime: 03.10.2013 16:41:28, LastAccessTime: 03.10.2013 16:41:43, LastWriteTime: 03.10.2013 16:41:43, ChangeTime: 03.10.2013 16:46:19, AllocationSize: 278.528, EndOfFile: 274.840, FileAttributes: ANCI"
"12:27:12,4709207","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:12,4709520","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.894.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4712678","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.896.064, EndOfFile: 407.894.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4713909","Windows7FirewallService.exe","2128","CreateFile","D:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4714852","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:12,4717455","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.894.559, Length: 2.920, Priority: Normal"
"12:27:12,4719671","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:12,4722750","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs","SUCCESS","Filter: Progs, 1: Progs"
"12:27:12,4725250","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:12,4728730","Windows7FirewallService.exe","2128","CloseFile","D:\","SUCCESS",""
"12:27:12,4731482","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:12,4736726","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:12,4741545","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","END OF FILE","Offset: 407.896.064, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:12,4742282","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:12,4747190","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.897.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4747558","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:12,4749993","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.897.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4750436","Windows7FirewallService.exe","2128","CreateFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4752414","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.897.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4752774","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:12,4754784","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.897.479, Length: 2.920"
"12:27:12,4757653","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS","Filter: Firefox, 1: Firefox"
"12:27:12,4757994","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.900.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4758334","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:12,4762393","Windows7FirewallService.exe","2128","CloseFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS",""
"12:27:12,4763550","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:12,4768802","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:12,4774046","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:12,4774480","Windows7FirewallService.exe","2128","CreateFile","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4779602","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:12,4779691","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs\Firefox 19.0.2 portable\Firefox\firefox.exe","SUCCESS","Filter: firefox.exe, 1: firefox.exe"
"12:27:12,4783343","Windows7FirewallService.exe","2128","CloseFile","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS",""
"12:27:12,4784090","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:12,4789641","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:12,4794096","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:12,4798514","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:12,4803678","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:12,4808889","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:12,4813764","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:12,4818998","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:12,4825664","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4827143","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:12,4833679","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS","CreationTime: 18.07.2012 20:47:26, LastAccessTime: 06.10.2013 10:27:28, LastWriteTime: 18.07.2012 20:47:26, ChangeTime: 06.10.2013 10:27:28, FileAttributes: A"
"12:27:12,4834784","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:12,4839300","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS",""
"12:27:12,4840774","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:12,4845966","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:12,4850827","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:12,4855637","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:12,4860087","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:12,4860922","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4864505","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:12,4866973","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Nuance","SUCCESS","Filter: Nuance, 1: Nuance"
"12:27:12,4868769","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4869296","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:12,4871969","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4873830","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files","SUCCESS",""
"12:27:12,4874773","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976223, endtime: 976223, seqnum: 0, connid: 0"
"12:27:12,4877343","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:12,4882922","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:12,4887783","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:12,4890830","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4892570","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:12,4893199","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4894487","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,4896805","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976223, endtime: 976223, seqnum: 0, connid: 0"
"12:27:12,4897015","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:12,4901778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:12,4903966","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Nuance","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4906210","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:12,4910651","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:12,4911948","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS","Filter: dgnsvc.exe, 1: dgnsvc.exe"
"12:27:12,4915069","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:12,4919482","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:12,4919622","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Nuance","SUCCESS",""
"12:27:12,4924231","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:12,4931662","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:12,4937694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:12,4939700","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.900.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4942891","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.900.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4943292","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:12,4947906","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.900.399, Length: 2.920"
"12:27:12,4948125","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:12,4951535","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.903.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,4952939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:12,4957707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:12,4962134","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 368.640, Length: 4.096"
"12:27:12,4966561","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 372.736, Length: 4.096"
"12:27:12,4967238","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\taskhost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4970979","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 376.832, Length: 4.096"
"12:27:12,4975392","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 380.928, Length: 4.096"
"12:27:12,4979805","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 385.024, Length: 4.096"
"12:27:12,4981718","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\taskhost.exe","SUCCESS","CreationTime: 11.05.2013 14:09:45, LastAccessTime: 11.05.2013 14:09:45, LastWriteTime: 23.11.2012 05:13:57, ChangeTime: 11.05.2013 14:55:03, FileAttributes: A"
"12:27:12,4984237","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 389.120, Length: 4.096"
"12:27:12,4984540","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\taskhost.exe","SUCCESS",""
"12:27:12,4992811","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 393.216, Length: 4.096"
"12:27:12,4993716","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,4999547","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 397.312, Length: 4.096"
"12:27:12,5000130","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,5004422","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 401.408, Length: 4.096"
"12:27:12,5004921","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,5009582","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 405.504, Length: 4.096"
"12:27:12,5014816","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 409.600, Length: 4.096"
"12:27:12,5019108","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.903.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5020190","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5020857","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 413.696, Length: 4.096"
"12:27:12,5024076","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.903.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5026875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 417.792, Length: 4.096"
"12:27:12,5029940","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:12,5032473","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 421.888, Length: 4.096"
"12:27:12,5033550","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.903.319, Length: 2.920"
"12:27:12,5038090","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 425.984, Length: 4.096"
"12:27:12,5038687","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.906.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5038943","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,5043361","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 430.080, Length: 4.096"
"12:27:12,5048898","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 434.176, Length: 4.096"
"12:27:12,5054151","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 438.272, Length: 4.096"
"12:27:12,5059087","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.906.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5060906","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 442.368, Length: 4.096"
"12:27:12,5062292","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.906.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5064363","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.906.239, Length: 1.460"
"12:27:12,5065823","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5067549","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.907.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5068571","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 446.464, Length: 4.096"
"12:27:12,5073422","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 450.560, Length: 4.096"
"12:27:12,5074197","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\taskhost.exe","SUCCESS","Filter: taskhost.exe, 1: taskhost.exe"
"12:27:12,5078209","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 454.656, Length: 4.096"
"12:27:12,5081017","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,5082650","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 458.752, Length: 4.096"
"12:27:12,5087072","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 462.848, Length: 4.096"
"12:27:12,5091480","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 466.944, Length: 4.096"
"12:27:12,5095889","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 471.040, Length: 4.096"
"12:27:12,5100297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 475.136, Length: 4.096"
"12:27:12,5104706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 479.232, Length: 4.096"
"12:27:12,5109128","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 483.328, Length: 4.096"
"12:27:12,5113541","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 487.424, Length: 4.096"
"12:27:12,5117945","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 491.520, Length: 4.096"
"12:27:12,5122755","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 495.616, Length: 4.096"
"12:27:12,5127186","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 499.712, Length: 4.096"
"12:27:12,5127728","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5131590","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 503.808, Length: 4.096"
"12:27:12,5135345","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS","CreationTime: 16.12.2012 13:25:38, LastAccessTime: 13.05.2013 10:47:49, LastWriteTime: 16.12.2012 13:25:38, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:12,5136008","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 507.904, Length: 4.096"
"12:27:12,5138191","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS",""
"12:27:12,5140435","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 512.000, Length: 2.560"
"12:27:12,5155848","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5161455","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS","Filter: SbieCtrl.exe, 1: SbieCtrl.exe"
"12:27:12,5162486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 501.760, Length: 4.096"
"12:27:12,5165873","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie","SUCCESS",""
"12:27:12,5183936","Windows7FirewallService.exe","2128","QueryOpen","D:\Progs\Firefox 19.0.2 portable\Firefox\plugin-container.exe","SUCCESS","CreationTime: 03.10.2013 16:41:29, LastAccessTime: 03.10.2013 16:41:42, LastWriteTime: 03.10.2013 16:41:42, ChangeTime: 03.10.2013 16:41:42, AllocationSize: 20.480, EndOfFile: 17.816, FileAttributes: ANCI"
"12:27:12,5187486","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5190696","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5190705","Windows7FirewallService.exe","2128","CreateFile","D:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5193504","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976223, endtime: 976223, seqnum: 0, connid: 0"
"12:27:12,5197553","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs","SUCCESS","Filter: Progs, 1: Progs"
"12:27:12,5203207","Windows7FirewallService.exe","2128","CloseFile","D:\","SUCCESS",""
"12:27:12,5212831","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5215588","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5217571","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5219217","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5221615","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976223, endtime: 976223, seqnum: 0, connid: 0"
"12:27:12,5224064","Windows7FirewallService.exe","2128","CreateFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5230446","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS","Filter: Firefox, 1: Firefox"
"12:27:12,5234915","Windows7FirewallService.exe","2128","CloseFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS",""
"12:27:12,5275314","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.907.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5279681","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.907.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5282130","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.907.699, Length: 2.920"
"12:27:12,5286095","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.910.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5296526","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5304886","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.910.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5306444","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","CreationTime: 10.09.2013 18:54:10, LastAccessTime: 10.09.2013 18:54:10, LastWriteTime: 10.09.2013 18:54:10, ChangeTime: 10.09.2013 18:54:10, FileAttributes: A"
"12:27:12,5308473","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.910.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5310871","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.910.619, Length: 2.920"
"12:27:12,5310899","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS",""
"12:27:12,5314533","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.913.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5323308","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5331331","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,5337368","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,5356644","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.913.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5359415","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5359807","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.913.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5361864","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.913.539, Length: 2.920"
"12:27:12,5365050","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.916.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5366636","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:12,5371068","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,5378826","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\csc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,5387120","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5392359","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed","SUCCESS","Filter: Macromed, 1: Macromed"
"12:27:12,5397103","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:12,5412838","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5418408","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed\Flash","SUCCESS","Filter: Flash, 1: Flash"
"12:27:12,5422831","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed","SUCCESS",""
"12:27:12,5469000","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5474603","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","CreationTime: 10.09.2013 18:54:10, LastAccessTime: 10.09.2013 18:54:10, LastWriteTime: 10.09.2013 18:54:10, ChangeTime: 10.09.2013 18:54:10, FileAttributes: A"
"12:27:12,5477019","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS",""
"12:27:12,5484241","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5489400","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,5493463","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,5507701","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5507920","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5510542","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5512562","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976223, endtime: 976223, seqnum: 0, connid: 0"
"12:27:12,5513108","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:12,5517087","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,5523375","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5525018","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5526585","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976223, endtime: 976223, seqnum: 0, connid: 0"
"12:27:12,5535812","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5537417","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5538653","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976223, endtime: 976223, seqnum: 0, connid: 0"
"12:27:12,5541569","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5548384","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed","SUCCESS","Filter: Macromed, 1: Macromed"
"12:27:12,5553194","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:12,5570049","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5574928","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed\Flash","SUCCESS","Filter: Flash, 1: Flash"
"12:27:12,5579710","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed","SUCCESS",""
"12:27:12,5613424","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5619446","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS","CreationTime: 27.09.2013 20:28:05, LastAccessTime: 27.09.2013 20:28:05, LastWriteTime: 31.05.2013 15:54:54, ChangeTime: 27.09.2013 20:28:05, FileAttributes: A"
"12:27:12,5625007","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS",""
"12:27:12,5634225","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5639492","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:12,5643896","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,5659953","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5665131","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\Desktop","SUCCESS","Filter: Desktop, 1: Desktop"
"12:27:12,5669119","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:12,5684453","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\Desktop","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5685783","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.916.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5688596","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.916.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5690228","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.916.459, Length: 2.920"
"12:27:12,5690844","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS","Filter: Procmon.exe, 1: Procmon.exe"
"12:27:12,5693755","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.919.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5695663","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\Desktop","SUCCESS",""
"12:27:12,5718918","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.919.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5724082","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.919.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5726536","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.919.379, Length: 2.920"
"12:27:12,5729335","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\taskmgr.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5730119","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.922.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5743363","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\taskmgr.exe","SUCCESS","CreationTime: 21.11.2010 05:24:24, LastAccessTime: 21.11.2010 05:24:24, LastWriteTime: 21.11.2010 05:24:24, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:12,5745789","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\taskmgr.exe","SUCCESS",""
"12:27:12,5753024","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5758212","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,5762205","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,5777478","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5783491","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:12,5788305","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,5798993","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.922.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5802599","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.922.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5805958","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5806639","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.922.299, Length: 2.920"
"12:27:12,5811159","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\taskmgr.exe","SUCCESS","Filter: taskmgr.exe, 1: taskmgr.exe"
"12:27:12,5811845","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.925.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5815568","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,5828569","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5831391","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5833729","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976224, endtime: 976224, seqnum: 0, connid: 0"
"12:27:12,5847803","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5849440","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5850606","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5851861","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976224, endtime: 976224, seqnum: 0, connid: 0"
"12:27:12,5852528","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5859419","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,5859727","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","CreationTime: 06.10.2013 12:25:43, LastAccessTime: 06.10.2013 12:25:43, LastWriteTime: 06.10.2013 12:25:47, ChangeTime: 06.10.2013 12:25:47, FileAttributes: HA"
"12:27:12,5860697","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976224, endtime: 976224, seqnum: 0, connid: 0"
"12:27:12,5863342","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS",""
"12:27:12,5873344","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5879791","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:12,5883849","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,5900298","Windows7FirewallService.exe","2128","CreateFile","C:\Users","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5905504","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\WONDER~1","SUCCESS","Filter: WONDER~1, 1: wonderwall"
"12:27:12,5910300","Windows7FirewallService.exe","2128","CloseFile","C:\Users","SUCCESS",""
"12:27:12,5921990","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.925.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5928260","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.925.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5930378","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5933242","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.925.219, Length: 2.920"
"12:27:12,5937180","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:12,5937264","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.928.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5942736","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:12,5957262","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.928.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5960430","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.928.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5961256","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5962800","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.928.139, Length: 5.840"
"12:27:12,5966480","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.933.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,5968057","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\AppData\Local","SUCCESS","Filter: Local, 1: Local"
"12:27:12,5972064","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:12,5987338","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\AppData\Local","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,5992894","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\AppData\Local\Temp","SUCCESS","Filter: Temp, 1: Temp"
"12:27:12,5996551","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\AppData\Local","SUCCESS",""
"12:27:12,6029495","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,6045529","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,6049536","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:12,6049905","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6052382","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:12,6052736","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:12,6055111","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:12,6056767","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:12,6058735","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:12,6060788","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:12,6061525","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,6067128","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,6072413","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:12,6092482","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,6095710","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:12,6099680","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:12,6100837","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:12,6105273","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,6129144","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,6135694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:12,6136398","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:12,6142029","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:12,6149890","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,6152717","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,6154727","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976224, endtime: 976224, seqnum: 0, connid: 0"
"12:27:12,6158161","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6163418","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6166693","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,6168363","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,6169123","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,6170378","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,6170709","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6171540","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,6173182","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976224, endtime: 976224, seqnum: 0, connid: 0"
"12:27:12,6173858","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,6174763","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 917.466, Length: 16.200"
"12:27:12,6177912","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:27:12,6180739","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046}"
"12:27:12,6183888","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS",""
"12:27:12,6195639","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,6200407","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\dfsc.sys","NO SUCH FILE","Filter: dfsc.sys"
"12:27:12,6203262","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:12,6218913","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,6219631","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,6223727","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Filter: dfsc.sys, 1: dfsc.sys"
"12:27:12,6225201","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:12,6228481","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6230841","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6231508","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:12,6233286","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6237312","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:12,6239957","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.933.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6241720","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:27:12,6243950","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.933.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6245261","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Query: Name"
"12:27:12,6246399","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.933.979, Length: 2.920"
"12:27:12,6248550","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6250010","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.936.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6254553","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6258514","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046}"
"12:27:12,6263104","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS",""
"12:27:12,6272952","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,6273232","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,6279838","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:12,6280454","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:12,6283630","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,6284881","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6286541","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.936.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6289639","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6290105","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.936.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6292139","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.936.899, Length: 4.380"
"12:27:12,6292895","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,6293716","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6295377","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.941.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6297742","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,6298540","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6302533","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:12,6303307","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:12,6309167","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6313622","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Wow6432Node\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6317615","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Wow6432Node\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6320866","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:27:12,6326828","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,6330812","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:12,6333695","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6336046","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6339242","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6339344","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,6342064","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:12,6343314","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:12,6345292","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:27:12,6345362","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:12,6347737","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: Name"
"12:27:12,6350484","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6352957","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,6353703","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6356138","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {8564B5BD-BFC4-45C5-A755-25BA407305E7}"
"12:27:12,6356960","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,6358569","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: Name"
"12:27:12,6360934","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6360995","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:12,6364577","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6367376","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\Version","SUCCESS","Type: REG_SZ, Length: 8, Data: 1.0"
"12:27:12,6370586","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS",""
"12:27:12,6374999","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,6376044","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,6381917","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:12,6387259","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:12,6388308","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6392703","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6392829","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,6395908","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6399542","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:12,6403885","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:27:12,6406707","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: Name"
"12:27:12,6409170","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6413154","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6416392","Windows7FirewallControl.exe","3436","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Index: 0, Name: 1.0"
"12:27:12,6419582","Windows7FirewallControl.exe","3436","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NO MORE ENTRIES","Index: 1, Length: 288"
"12:27:12,6423147","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: Name"
"12:27:12,6426006","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6430023","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6432812","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6435192","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:12,6438014","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: Name"
"12:27:12,6438210","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 95.492, Length: 4.096"
"12:27:12,6440430","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6443262","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6446014","Windows7FirewallControl.exe","3436","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Index: 0, Name: 0"
"12:27:12,6447834","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:12,6448482","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: Name"
"12:27:12,6450847","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6453628","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6456077","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6458111","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:12,6460513","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: Name"
"12:27:12,6462528","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6465309","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6467707","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6468742","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 92.680, Length: 4.096"
"12:27:12,6469750","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:12,6472157","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Query: Name"
"12:27:12,6474504","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6476962","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6479364","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","BUFFER OVERFLOW","Length: 144"
"12:27:12,6481716","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","SUCCESS","Type: REG_SZ, Length: 138, Data: C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe"
"12:27:12,6486465","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,6502195","Windows7FirewallControl.exe","3436","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,6509034","Windows7FirewallControl.exe","3436","QueryNetworkOpenInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:46:52, ChangeTime: 05.08.2013 09:19:04, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:12,6513041","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 0, Length: 64, Priority: Normal"
"12:27:12,6517463","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 232, Length: 4"
"12:27:12,6520244","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 236, Length: 20"
"12:27:12,6523439","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 496, Length: 40"
"12:27:12,6526299","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 536, Length: 40"
"12:27:12,6529061","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 576, Length: 40"
"12:27:12,6531920","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 616, Length: 40"
"12:27:12,6534715","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 656, Length: 40"
"12:27:12,6537933","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.864, Length: 16"
"12:27:12,6540924","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,6541134","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.880, Length: 8"
"12:27:12,6543527","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.768, Length: 2"
"12:27:12,6544110","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,6545906","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.888, Length: 8"
"12:27:12,6546135","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976224, endtime: 976224, seqnum: 0, connid: 0"
"12:27:12,6548350","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.786, Length: 2"
"12:27:12,6551163","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.788, Length: 14"
"12:27:12,6553962","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 94.720, Length: 4.096"
"12:27:12,6554345","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.960, Length: 16"
"12:27:12,6557998","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.976, Length: 8"
"12:27:12,6558739","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 98.816, Length: 3.584"
"12:27:12,6560125","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,6561548","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.192, Length: 16"
"12:27:12,6561767","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,6562943","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:12,6563129","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 96.768, Length: 4.096"
"12:27:12,6564202","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976224, endtime: 976224, seqnum: 0, connid: 0"
"12:27:12,6564757","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.208, Length: 8"
"12:27:12,6566805","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 14.336, Length: 4.096"
"12:27:12,6567192","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.544, Length: 16"
"12:27:12,6569240","Windows7FirewallControl.exe","3436","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6572058","Windows7FirewallControl.exe","3436","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
"12:27:12,6574423","Windows7FirewallControl.exe","3436","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6578850","Windows7FirewallControl.exe","3436","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","SyncType: SyncTypeOther"
"12:27:12,6588899","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS",""
"12:27:12,6591301","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS",""
"12:27:12,6593643","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS",""
"12:27:12,6595313","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS",""
"12:27:12,6601723","Windows7FirewallControl.exe","3436","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS",""
"12:27:12,6616907","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 99.840, Length: 2.560"
"12:27:12,6618941","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6626648","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6631122","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,6635889","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,6636309","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6638767","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6643167","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6645980","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.941.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6647930","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Wow6432Node\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6648807","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.941.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6650794","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.941.279, Length: 2.920"
"12:27:12,6652748","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:27:12,6653602","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.944.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6657614","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6660796","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6664360","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,6668386","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6671614","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,6675663","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:27:12,6678872","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {8564B5BD-BFC4-45C5-A755-25BA407305E7}"
"12:27:12,6682418","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\Version","SUCCESS","Type: REG_SZ, Length: 8, Data: 1.0"
"12:27:12,6685483","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.944.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6686052","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS",""
"12:27:12,6688286","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.944.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6689658","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:12,6690255","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.944.199, Length: 4.380"
"12:27:12,6692508","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6693152","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.948.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6694873","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,6697323","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6699342","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,6702067","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:27:12,6704087","Windows7FirewallService.exe","2128","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Index: 0, Name: 1.0"
"12:27:12,6706144","Windows7FirewallService.exe","2128","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NO MORE ENTRIES","Index: 1, Length: 288"
"12:27:12,6708141","Windows7FirewallService.exe","2128","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6709759","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 95.492, Length: 4.096"
"12:27:12,6710165","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,6712530","Windows7FirewallService.exe","2128","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Index: 0, Name: 0"
"12:27:12,6712563","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,6714970","Windows7FirewallService.exe","2128","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6716972","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,6719341","Windows7FirewallService.exe","2128","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,6720153","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 18.944, Length: 4.096"
"12:27:12,6723013","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,6726619","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","BUFFER OVERFLOW","Length: 144"
"12:27:12,6727062","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 95.492, Length: 4.096"
"12:27:12,6729772","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","SUCCESS","Type: REG_SZ, Length: 138, Data: C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe"
"12:27:12,6733089","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,6742298","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:12,6748311","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:12,6753932","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:12,6755490","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:12,6763108","Windows7FirewallService.exe","2128","QueryNetworkOpenInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:46:52, ChangeTime: 05.08.2013 09:19:04, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:12,6765184","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:12,6767120","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 0, Length: 64, Priority: Normal"
"12:27:12,6771515","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 232, Length: 4"
"12:27:12,6774318","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 236, Length: 20"
"12:27:12,6777505","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 496, Length: 40"
"12:27:12,6779958","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 536, Length: 40"
"12:27:12,6780420","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:12,6782323","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 576, Length: 40"
"12:27:12,6784367","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 616, Length: 40"
"12:27:12,6786046","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:12,6786732","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 656, Length: 40"
"12:27:12,6788803","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.864, Length: 16"
"12:27:12,6790809","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.880, Length: 8"
"12:27:12,6791985","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:12,6793967","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.768, Length: 2"
"12:27:12,6796832","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.888, Length: 8"
"12:27:12,6798026","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:12,6799612","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.786, Length: 2"
"12:27:12,6801641","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.788, Length: 14"
"12:27:12,6804025","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.960, Length: 16"
"12:27:12,6804039","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:12,6806068","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.976, Length: 8"
"12:27:12,6808415","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.192, Length: 16"
"12:27:12,6809660","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:12,6810435","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.208, Length: 8"
"12:27:12,6812441","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.544, Length: 16"
"12:27:12,6814456","Windows7FirewallService.exe","2128","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6814895","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:12,6817250","Windows7FirewallService.exe","2128","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
"12:27:12,6819275","Windows7FirewallService.exe","2128","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:12,6820115","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:12,6825703","Windows7FirewallService.exe","2128","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","SyncType: SyncTypeOther"
"12:27:12,6830951","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:12,6836969","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:12,6837571","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS",""
"12:27:12,6841998","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS",""
"12:27:12,6842199","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:12,6844424","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS",""
"12:27:12,6846425","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS",""
"12:27:12,6847745","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:12,6852648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:12,6853689","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS",""
"12:27:12,6858232","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:12,6863443","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:12,6868673","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:12,6873869","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:12,6879080","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:12,6884305","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:12,6889521","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:12,6915439","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 95.492, Length: 4.096"
"12:27:12,6924079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,6929243","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:12,6934449","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:12,6939669","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:12,6944558","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:12,6950096","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:12,6955348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:12,6960172","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:12,6964594","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:12,6969007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:12,6973775","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:12,6978179","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:12,6982615","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:12,6987019","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:12,6991427","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:12,6995514","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:12,6999913","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:12,7005129","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:12,7009938","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:12,7014356","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:12,7019520","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:12,7024740","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:12,7029531","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:12,7034411","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:12,7039570","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:12,7057302","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 95.492, Length: 4.096"
"12:27:12,7136705","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 101.888, Length: 512"
"12:27:12,7251884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dfsc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,8380646","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,8385017","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,8387456","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:12,8389836","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:12,8391492","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:12,8393465","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:12,8395905","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:12,8443632","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:12,8450089","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:12,8468040","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:12,8493147","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,8499193","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.828.716, Length: 16.200"
"12:27:12,8520833","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,8528274","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\blbdrive.sys","NO SUCH FILE","Filter: blbdrive.sys"
"12:27:12,8533490","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:12,8557188","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,8561601","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Filter: blbdrive.sys, 1: blbdrive.sys"
"12:27:12,8565617","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:12,8597302","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,8604496","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:12,8606963","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,8615780","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,8620557","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,8625773","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:12,8663335","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,8669353","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:12,8671382","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:12,8679751","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,8683782","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,8687826","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:12,8703464","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,8707429","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:12,8710685","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,8737957","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 41.572, Length: 3.484"
"12:27:12,8743592","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:12,8760008","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 32.492, Length: 4.096"
"12:27:12,8778467","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,8818185","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 41.472, Length: 3.584"
"12:27:12,8822570","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 35.840, Length: 4.096"
"12:27:12,8847533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 43.520, Length: 1.536"
"12:27:12,8856807","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,8925140","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 41.572, Length: 3.484"
"12:27:12,8928727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,8936350","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 37.888, Length: 4.096"
"12:27:12,9034651","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 44.544, Length: 512"
"12:27:12,9113256","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\blbdrive.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,9716879","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:12,9721362","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:12,9724151","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:12,9726577","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:12,9730491","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:12,9733253","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:12,9735655","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:12,9787549","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:12,9792816","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:12,9808812","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:12,9839167","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:12,9845241","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.179.906, Length: 16.200"
"12:27:12,9870171","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,9875017","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\tunnel.sys","NO SUCH FILE","Filter: tunnel.sys"
"12:27:12,9878213","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:12,9894690","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,9898660","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Filter: tunnel.sys, 1: tunnel.sys"
"12:27:12,9902653","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:12,9930811","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,9936381","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:12,9938396","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:12,9944764","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,9948393","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,9951607","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:12,9977713","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,9980941","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:12,9982569","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:12,9988578","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:12,9992179","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:12,9995384","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:13,0008576","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,0012173","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:13,0015056","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:13,0043069","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 95.332, Length: 4.096"
"12:27:13,0048709","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:13,0065168","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 92.852, Length: 4.096"
"12:27:13,0082391","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,0124175","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 95.232, Length: 4.096"
"12:27:13,0129400","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 76.288, Length: 4.096"
"12:27:13,0144174","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 99.328, Length: 4.096"
"12:27:13,0186747","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 107.520, Length: 4.096"
"12:27:13,0195587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,0251749","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 95.332, Length: 4.096"
"12:27:13,0254165","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,0261727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 88.064, Length: 4.096"
"12:27:13,0264564","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 95.332, Length: 4.096"
"12:27:13,0269383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,0274640","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:13,0279860","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:13,0285439","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:13,0290650","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:13,0295856","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:13,0301058","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:13,0306269","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:13,0311466","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:13,0316350","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:13,0321980","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:13,0327546","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:13,0332766","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:13,0337963","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:13,0342842","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:13,0348044","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:13,0353241","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:13,0358442","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:13,0363630","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:13,0368523","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:13,0373715","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:13,0378917","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:13,0384165","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:13,0389716","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:13,0394596","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:13,0399793","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:13,0404985","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:13,0410182","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:13,0415061","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:13,0420258","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:13,0427428","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 122.880, Length: 2.560"
"12:27:13,0443476","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 95.332, Length: 4.096"
"12:27:13,0447917","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,0452362","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:13,0456776","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:13,0461179","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:13,0465583","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:13,0470001","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:13,0474405","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:13,0478813","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:13,0483259","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:13,0487677","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:13,0492071","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:13,0496479","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:13,0500892","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:13,0505296","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:13,0509705","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:13,0514108","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:13,0518512","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:13,0523326","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:13,0527744","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:13,0532148","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:13,0536561","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:13,0540960","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:13,0545369","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:13,0549464","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:13,0553864","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:13,0558272","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:13,0562676","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:13,0567089","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:13,0571852","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:13,0576302","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:13,0580734","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 122.880, Length: 2.560"
"12:27:13,0597607","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 95.332, Length: 4.096"
"12:27:13,0667358","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 103.424, Length: 4.096"
"12:27:13,0802643","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tunnel.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,1081032","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:13,1085100","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:13,1087852","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:13,1089909","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:13,1091887","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:13,1093534","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:13,1095549","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:13,1129207","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tunnel.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:13,1134437","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tunnel.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,1166886","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tunnel.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:13,1185733","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tunnel.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,1190990","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.010.642, Length: 16.200"
"12:27:13,1211461","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,1216209","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\tunnel.sys.mui","NO SUCH FILE","Filter: tunnel.sys.mui"
"12:27:13,1219041","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:13,1235546","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,1239530","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\tunnel.sys.mui","SUCCESS","Filter: tunnel.sys.mui, 1: tunnel.sys.mui"
"12:27:13,1243532","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:13,1269997","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,1275637","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:13,1277657","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:13,1285275","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,1298505","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:13,1304523","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:13,1339837","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,1343821","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:13,1345481","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:13,1352283","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,1356285","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:13,1359901","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:13,1375123","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,1379158","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:13,1382405","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:13,1497374","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tunnel.sys.mui","SUCCESS","Offset: 6.656, Length: 2.560"
"12:27:13,1507357","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tunnel.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,1590025","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tunnel.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:13,1596043","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tunnel.sys.mui","SUCCESS","Offset: 8.192, Length: 1.024"
"12:27:13,1610080","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tunnel.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,1619289","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tunnel.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:13,1625694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tunnel.sys.mui","SUCCESS","Offset: 8.192, Length: 1.024"
"12:27:13,1687916","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tunnel.sys.mui","SUCCESS","Offset: 2.560, Length: 4.096"
"12:27:13,1795868","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\tunnel.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,2003489","SynTPEnh.exe","3172","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Control Panel\Desktop","SUCCESS","Desired Access: Read"
"12:27:13,2008326","SynTPEnh.exe","3172","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\WheelScrollLines","NAME NOT FOUND","Length: 16"
"12:27:13,2011541","SynTPEnh.exe","3172","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop","SUCCESS",""
"12:27:13,2014750","SynTPEnh.exe","3172","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"12:27:13,2300332","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:13,2304684","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:13,2307129","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:13,2309513","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:13,2311155","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:13,2313119","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:13,2315139","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:13,2331079","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:13,2334265","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:13,2337498","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:13,2341053","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:13,2343455","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:13,2345503","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:13,2347504","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:13,2349879","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:13,2351269","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:13,2352272","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:13,2354334","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:13,2356345","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:13,2356900","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,2358327","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:13,2360352","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:13,2362708","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:13,2364373","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:13,2366342","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:13,2367989","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:13,2369990","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:13,2371996","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:13,2373983","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:13,2375648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:13,2408177","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,2414251","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.244.920, Length: 16.200"
"12:27:13,2447979","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,2453577","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\atikmpag.sys","NO SUCH FILE","Filter: atikmpag.sys"
"12:27:13,2456768","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:13,2474061","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,2478073","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Filter: atikmpag.sys, 1: atikmpag.sys"
"12:27:13,2482080","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:13,2512939","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,2518547","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:13,2523762","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:13,2532593","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,2536983","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:13,2541051","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:13,2577120","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,2581165","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:13,2583586","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:13,2590332","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,2594404","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:13,2597987","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:13,2616838","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,2628025","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:13,2633600","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:13,2661706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 296.536, Length: 4.096"
"12:27:13,2666143","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 294.912, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,2682200","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:13,2700724","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 294.920, Length: 4.096"
"12:27:13,2719114","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,2768885","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 173.056, Length: 4.096"
"12:27:13,2772127","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 172.032, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,2786234","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 177.152, Length: 4.096"
"12:27:13,2789854","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 180.224, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,2802356","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:13,2828914","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 296.960, Length: 4.096"
"12:27:13,2838533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,2843291","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:13,2912310","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,2920306","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 184.832, Length: 4.096"
"12:27:13,2925171","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 184.320, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,2939362","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 296.536, Length: 4.096"
"12:27:13,2985420","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 183.296, Length: 4.096"
"12:27:13,3049671","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 297.984, Length: 4.096"
"12:27:13,3054499","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 302.080, Length: 4.096"
"12:27:13,3057690","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 303.104, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,3179241","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmpag.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,3644967","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:13,3648615","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:13,3650952","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:13,3653410","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:13,3655402","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:13,3657404","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:13,3659013","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:13,3661420","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:13,3663837","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:13,3665418","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:13,3667032","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:13,3667228","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:13,3668674","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:13,3670876","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:13,3673288","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:13,3675681","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:13,3677650","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:13,3679292","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:13,3681316","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:13,3716225","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:13,3726637","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,3745969","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 288, Length: 4.096"
"12:27:13,3772074","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,3777681","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.264.036, Length: 16.200"
"12:27:13,3795343","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,3799411","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\atikmdag.sys","NO SUCH FILE","Filter: atikmdag.sys"
"12:27:13,3802224","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:13,3817819","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,3822232","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Filter: atikmdag.sys, 1: atikmdag.sys"
"12:27:13,3825889","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:13,3853562","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,3859132","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:13,3861148","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:13,3867982","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,3871606","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:13,3874830","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:13,3907728","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,3911301","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:13,3912929","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:13,3918975","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,3923719","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:13,3932028","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:13,3937709","wmiprvse.exe","3952","Thread Create","","SUCCESS","Thread ID: 8616"
"12:27:13,3951336","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,3955749","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:13,3959388","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:13,3978337","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,3981500","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,3983529","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976232, endtime: 976232, seqnum: 0, connid: 0"
"12:27:13,3986631","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 9.880.064, Length: 4.096"
"12:27:13,3990251","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 9.879.552, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,3997963","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,3999595","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4000771","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4001923","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4003164","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976232, endtime: 976232, seqnum: 0, connid: 0"
"12:27:13,4005996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 9.884.160, Length: 4.096"
"12:27:13,4009616","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 9.887.744, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4023280","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 4.812.288, Length: 4.096"
"12:27:13,4027679","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 4.808.704, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4063408","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.948.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4066156","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.948.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4067779","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.948.579, Length: 2.920"
"12:27:13,4076479","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.951.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4081042","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 160.928, Length: 4.096"
"12:27:13,4084237","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 159.744, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4098255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 288, Length: 4.096"
"12:27:13,4122499","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.951.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4125312","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.951.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4127272","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.951.499, Length: 5.840"
"12:27:13,4130523","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.957.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4130728","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,4176487","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 9.880.064, Length: 4.096"
"12:27:13,4181302","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 9.884.160, Length: 4.096"
"12:27:13,4184866","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 4.812.288, Length: 4.096"
"12:27:13,4219368","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 9.885.696, Length: 4.096"
"12:27:13,4229407","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,4233830","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 159.232, Length: 4.096"
"12:27:13,4237039","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 155.648, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4267609","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 163.328, Length: 4.096"
"12:27:13,4299112","SynTPEnh.exe","3172","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Control Panel\Desktop","SUCCESS","Desired Access: Read"
"12:27:13,4303884","SynTPEnh.exe","3172","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\WheelScrollLines","NAME NOT FOUND","Length: 16"
"12:27:13,4307089","SynTPEnh.exe","3172","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop","SUCCESS",""
"12:27:13,4309939","SynTPEnh.exe","3172","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"12:27:13,4336208","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 160.928, Length: 4.096"
"12:27:13,4339403","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,4344176","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4346531","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4347464","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 5.864.960, Length: 4.096"
"12:27:13,4347726","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4348985","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4350585","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4351122","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 5.861.376, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4354224","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4356986","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976232, endtime: 976232, seqnum: 0, connid: 0"
"12:27:13,4364352","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 160.928, Length: 4.096"
"12:27:13,4413232","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 749.056, Length: 4.096"
"12:27:13,4416483","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 745.472, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4422650","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.957.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4426727","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 407.961.600, EndOfFile: 407.957.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4431112","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.957.339, Length: 7.300, Priority: Normal"
"12:27:13,4452497","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.964.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4464220","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.964.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4468614","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.964.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4471054","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.964.639, Length: 1.460"
"12:27:13,4474679","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.966.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4485469","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 163.328, Length: 4.096"
"12:27:13,4490727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 167.424, Length: 4.096"
"12:27:13,4493899","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 167.936, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4508379","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 171.520, Length: 4.096"
"12:27:13,4512381","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 172.032, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4530528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 4.363.776, Length: 4.096"
"12:27:13,4537764","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 4.362.240, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4551353","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 306.688, Length: 4.096"
"12:27:13,4555351","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 303.104, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4568282","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 4.025.856, Length: 4.096"
"12:27:13,4572275","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 4.022.272, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4587908","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 202.240, Length: 4.096"
"12:27:13,4593142","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 534.016, Length: 4.096"
"12:27:13,4596370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 532.480, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4610990","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 3.651.072, Length: 4.096"
"12:27:13,4615007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 3.649.536, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4630089","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:13,4632566","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:13,4634926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 3.786.240, Length: 4.096"
"12:27:13,4634968","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:13,4638537","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:13,4639372","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 3.784.704, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4642530","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:13,4643365","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4646197","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4648203","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976232, endtime: 976232, seqnum: 0, connid: 0"
"12:27:13,4651389","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 536.064, Length: 4.096"
"12:27:13,4662622","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4664236","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4665100","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4666261","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4667819","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976232, endtime: 976232, seqnum: 0, connid: 0"
"12:27:13,4691130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 587.264, Length: 4.096"
"12:27:13,4694344","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 585.728, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4707733","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.966.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4710961","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.966.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4713331","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.966.099, Length: 2.920"
"12:27:13,4715785","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.969.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4728105","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 208.384, Length: 4.096"
"12:27:13,4740136","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 755.200, Length: 4.096"
"12:27:13,4743378","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 753.664, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4757765","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.969.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4757952","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 192.000, Length: 4.096"
"12:27:13,4760559","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.969.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4762519","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.969.019, Length: 5.840"
"12:27:13,4763610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 753.152, Length: 4.096"
"12:27:13,4765784","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.974.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,4767608","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 759.296, Length: 4.096"
"12:27:13,4770794","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 761.856, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,4849806","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 160.928, Length: 4.096"
"12:27:13,4934839","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,4943255","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:13,4946814","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:13,4963650","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4965661","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:13,4966799","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4968814","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976233, endtime: 976233, seqnum: 0, connid: 0"
"12:27:13,4982907","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4984526","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4985697","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4986859","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,4988118","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976233, endtime: 976233, seqnum: 0, connid: 0"
"12:27:13,5004809","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5011658","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: ANCI"
"12:27:13,5013650","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:13,5019103","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\atikmdag.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,5020083","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5024925","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:13,5029324","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,5043776","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5048534","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:13,5051791","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,5064661","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5069070","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:13,5072247","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,5085481","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5089899","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:13,5093090","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,5115972","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5120427","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: ANCI"
"12:27:13,5122806","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:13,5156581","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5161731","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: DNCI"
"12:27:13,5163382","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:13,5185797","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5189884","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:13,5191843","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:13,5214674","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5218723","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,5220356","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,5255693","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5261282","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,5263908","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:13,5293260","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5298826","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:13,5301265","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:13,5336594","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,5338427","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5339752","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976233, endtime: 976233, seqnum: 0, connid: 0"
"12:27:13,5344417","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:13,5346432","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:13,5360660","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,5363100","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,5364700","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,5366310","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,5367914","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,5369967","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976233, endtime: 976233, seqnum: 0, connid: 0"
"12:27:13,5370536","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5374926","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:13,5376582","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,5398983","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5403028","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:13,5404656","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,5427911","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5432273","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:13,5433896","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:13,5439905","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5444364","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,5451185","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5456797","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:13,5458812","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,5474062","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5480420","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:13,5482869","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:13,5492335","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:13,5495231","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7600000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:13,5498418","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:13,5510034","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5516075","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:13,5518869","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:13,5534040","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:13,5538094","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:13,5539288","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:13,5540846","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:13,5542908","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:13,5544872","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:13,5546523","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:13,5548856","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:13,5579267","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5583017","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:13,5584865","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: ANCI"
"12:27:13,5586861","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:13,5589847","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,5594442","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5599261","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:13,5603264","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,5607317","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 256, Length: 4.096"
"12:27:13,5616932","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5621774","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:13,5625385","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,5644236","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5649279","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,5652475","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:13,5655325","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.221.408, Length: 4.096"
"12:27:13,5656137","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,5659304","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.218.368, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,5673285","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 256, Length: 4.096"
"12:27:13,5674209","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5679350","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:13,5682569","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,5704167","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,5706691","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5711492","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: ANCI"
"12:27:13,5713455","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:13,5729461","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.255.230, Length: 4.096"
"12:27:13,5732661","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.251.136, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,5739510","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,5742327","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,5744342","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976233, endtime: 976233, seqnum: 0, connid: 0"
"12:27:13,5759742","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5759933","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,5761566","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,5762424","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,5763586","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,5765158","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976233, endtime: 976233, seqnum: 0, connid: 0"
"12:27:13,5766184","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: DNCI"
"12:27:13,5768974","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:13,5769002","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,5781019","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.237.536, Length: 4.096"
"12:27:13,5785385","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.234.752, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,5797523","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5799805","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.241.728, Length: 4.096"
"12:27:13,5801965","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:13,5803765","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.242.944, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,5803938","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:13,5816244","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.239.680, Length: 4.096"
"12:27:13,5821077","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 2.889.344, Length: 4.096"
"12:27:13,5825439","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 2.887.680, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,5835119","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5841962","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,5844309","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,5859904","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.243.488, Length: 4.096"
"12:27:13,5863566","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.247.040, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,5870046","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5874440","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,5876073","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:13,5895717","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,5898488","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5900503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.221.376, Length: 4.096"
"12:27:13,5902873","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:13,5904497","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:13,5925382","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 7.072, Length: 4.096"
"12:27:13,5926179","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5930201","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:13,5931819","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:13,5942218","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 2.976, Length: 4.096"
"12:27:13,5953083","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5957085","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:13,5958699","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,5979575","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,5983554","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:13,5985168","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,5987580","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 10.729.504, Length: 4.096"
"12:27:13,5991998","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 10.727.424, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,6006455","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6010434","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:13,6012043","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:13,6017674","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6022516","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.221.408, Length: 4.096"
"12:27:13,6026365","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,6038027","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6045277","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:13,6047656","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,6048673","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 2.554.784, Length: 4.096"
"12:27:13,6053581","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 2.551.808, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,6061768","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,6064539","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6064585","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,6066918","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976234, endtime: 976234, seqnum: 0, connid: 0"
"12:27:13,6070939","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:13,6073393","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:13,6080950","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,6081669","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: WinN"
"12:27:13,6082961","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,6083824","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,6084920","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7600000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:13,6084990","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,6086240","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976234, endtime: 976234, seqnum: 0, connid: 0"
"12:27:13,6088526","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:13,6107405","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:27:13,6127754","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.223.424, Length: 4.096"
"12:27:13,6133413","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.226.560, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,6150085","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6151732","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.227.520, Length: 4.096"
"12:27:13,6155348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.230.656, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,6155679","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: ANCI"
"12:27:13,6157675","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:13,6164136","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6166170","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.231.616, Length: 4.096"
"12:27:13,6168937","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:13,6173756","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,6187410","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6191823","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:13,6195383","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,6208230","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6212634","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:13,6215559","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 12.235.712, Length: 4.096"
"12:27:13,6215825","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,6230333","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6234737","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:13,6237913","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,6260399","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6264830","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: ANCI"
"12:27:13,6266785","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:13,6288090","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6292107","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: DNCI"
"12:27:13,6293725","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:13,6314583","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6315721","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\igdpmd64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,6318590","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:13,6320204","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:13,6341859","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6346225","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,6347844","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,6368697","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6372713","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,6374365","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:13,6377108","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,6380289","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976234, endtime: 976234, seqnum: 0, connid: 0"
"12:27:13,6396402","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6398501","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,6400400","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:13,6400885","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,6402019","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:13,6402145","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,6403726","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,6405732","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976234, endtime: 976234, seqnum: 0, connid: 0"
"12:27:13,6427644","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6434496","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:13,6436544","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:13,6462967","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6467361","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:13,6468994","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,6491853","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6495911","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:13,6497856","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,6519978","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6528734","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:13,6530381","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:13,6539767","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6546937","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,6555390","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6561445","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:13,6563824","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,6581043","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6586673","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:13,6590335","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:13,6593120","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:13,6602628","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,6605795","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:13,6610614","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:13,6804827","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:13,6830583","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:13,6834968","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:13,6837394","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:13,6839782","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:13,6841434","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:13,6843416","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:13,6843981","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6845446","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:13,6848795","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: DNCI"
"12:27:13,6850460","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:13,6856488","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6861255","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:13,6865263","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,6878553","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6879477","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:13,6883316","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:13,6883904","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,6886558","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,6899779","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6900814","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:13,6904169","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:13,6907038","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,6921056","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6925833","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:13,6928702","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,6932093","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,6938125","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.217.166, Length: 16.200"
"12:27:13,6951154","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6955166","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: DNCI"
"12:27:13,6957116","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:13,6959365","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,6963806","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\dxgkrnl.sys","NO SUCH FILE","Filter: dxgkrnl.sys"
"12:27:13,6966652","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:13,6978771","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,6982825","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: DNCI"
"12:27:13,6983474","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,6984453","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:13,6987467","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Filter: dxgkrnl.sys, 1: dxgkrnl.sys"
"12:27:13,6991115","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:13,7007680","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7011706","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:13,7013334","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:13,7018363","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,7025230","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:13,7028379","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:13,7035232","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,7038861","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:13,7042416","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:13,7044189","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7048238","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,7049861","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,7069725","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,7071913","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7072967","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:13,7074912","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:13,7075943","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,7077903","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:13,7080977","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,7084597","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:13,7088207","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:13,7099576","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7100621","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,7102216","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:13,7103462","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,7103593","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:13,7105020","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:13,7106378","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:13,7106648","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:13,7106667","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976235, endtime: 976235, seqnum: 0, connid: 0"
"12:27:13,7110240","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:13,7128065","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7132096","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:13,7133715","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:13,7137554","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 956.892, Length: 4.096"
"12:27:13,7141155","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 954.368, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7154912","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7157231","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:13,7158584","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:13,7160930","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,7176068","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 954.376, Length: 4.096"
"12:27:13,7181433","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7185421","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:13,7187031","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,7195330","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,7207860","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7211522","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:13,7213141","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:13,7218744","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7224383","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,7231162","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7236419","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:13,7238313","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 976.384, Length: 7.016"
"12:27:13,7238761","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,7241938","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 974.848, Length: 8.552, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7255616","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 953.344, Length: 4.096"
"12:27:13,7258858","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 950.272, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7259642","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7266844","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:27:13,7269657","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:27:13,7279528","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:27:13,7280154","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 957.440, Length: 4.096"
"12:27:13,7285444","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 961.536, Length: 4.096"
"12:27:13,7285910","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:27:13,7290295","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:27:13,7291014","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 962.560, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7292786","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:13,7302350","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7302667","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 958.464, Length: 4.096"
"12:27:13,7306660","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 83.968, Length: 4.096"
"12:27:13,7308405","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:13,7310845","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:13,7327671","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:13,7333983","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 964.608, Length: 4.096"
"12:27:13,7341699","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:13,7360420","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:13,7370426","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 976.384, Length: 4.096"
"12:27:13,7374457","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 965.632, Length: 4.096"
"12:27:13,7379999","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7384822","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:13,7385312","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,7387178","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:13,7393205","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7397660","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:13,7402955","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 976.384, Length: 4.096"
"12:27:13,7406958","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,7431001","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 31.744, Length: 4.096"
"12:27:13,7438316","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7446675","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:13,7447902","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 976.384, Length: 4.096"
"12:27:13,7451504","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,7454321","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 980.480, Length: 2.920"
"12:27:13,7459565","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:13,7468382","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7473187","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:13,7476415","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,7490848","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7495294","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:13,7498485","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,7517672","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,7524086","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 4.096, Length: 57.752"
"12:27:13,7525323","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7528089","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 61.848, Length: 61.440"
"12:27:13,7532161","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 123.288, Length: 61.440"
"12:27:13,7532511","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:13,7535329","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:13,7536976","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 131.072, Length: 57.344, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7552062","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 184.728, Length: 61.440"
"12:27:13,7556517","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 188.416, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7565017","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7571268","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 246.168, Length: 61.440"
"12:27:13,7573428","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:13,7575742","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 249.856, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7575910","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:13,7591374","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 307.608, Length: 61.440"
"12:27:13,7596156","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 311.296, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7610263","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 369.048, Length: 61.440"
"12:27:13,7615031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 372.736, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7617218","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7628694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 430.488, Length: 61.440"
"12:27:13,7630854","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,7632879","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,7633495","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 434.176, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7646379","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 491.928, Length: 61.440"
"12:27:13,7651553","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 495.616, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7664965","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 553.368, Length: 61.440"
"12:27:13,7669382","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7670171","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 557.056, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7676581","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,7678568","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:13,7683634","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 614.808, Length: 61.440"
"12:27:13,7688094","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 618.496, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7701725","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 676.248, Length: 61.440"
"12:27:13,7703087","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7706521","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 679.936, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7707472","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:13,7709105","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:13,7719774","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 737.688, Length: 61.440"
"12:27:13,7725358","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 741.376, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7738975","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 799.128, Length: 61.440"
"12:27:13,7744186","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 802.816, Length: 61.440, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:13,7751440","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7757215","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:13,7759207","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:13,7759907","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 860.568, Length: 61.440"
"12:27:13,7763905","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 922.008, Length: 54.376"
"12:27:13,7788480","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7793742","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:13,7796163","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,7823780","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7829019","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:13,7831445","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,7857904","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7863111","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:13,7865508","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:13,7873168","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7878799","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,7888358","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7895985","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:13,7898443","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,7920336","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,7929997","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:27:13,7932806","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:27:13,7941221","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:27:13,7946460","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:13,7968502","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:27:13,8060319","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:13,8084362","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8088813","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: DNCI"
"12:27:13,8090786","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:13,8096808","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8101263","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:13,8105261","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,8118505","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8123674","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:13,8126935","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,8139782","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8144177","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:13,8147363","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,8160602","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8165034","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:13,8168229","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,8191956","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:13,8214348","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8218402","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: DNCI"
"12:27:13,8220030","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:13,8243672","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8247698","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:13,8249662","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:13,8272567","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8276602","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,8278566","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,8299824","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8303846","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,8305833","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:13,8333207","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8339225","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:13,8341240","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:13,8364929","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8369319","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:13,8370956","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:13,8393017","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8397043","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:13,8398984","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,8419883","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8425504","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:13,8427132","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,8448372","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8452379","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:13,8454003","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:13,8459629","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8464051","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,8471277","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8476861","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:13,8478876","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,8495325","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:27:13,8580774","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:13,8583974","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:13,8593845","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,8596262","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:13,8598641","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:13,8609035","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:13,8611442","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:13, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:13,8613868","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:27:13,8638307","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:13,8677689","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8682961","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: ANCI"
"12:27:13,8684948","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:13,8691381","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8696177","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:13,8700170","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,8713787","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8718214","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:13,8721853","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,8744007","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8749251","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:13,8752866","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,8767285","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8771731","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:13,8774927","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,8799343","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8803812","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, FileAttributes: ANCI"
"12:27:13,8805450","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:13,8829465","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8833533","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:13, FileAttributes: DNCI"
"12:27:13,8835488","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:13,8857558","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8861598","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:13,8863221","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:13,8885622","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8889653","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,8891267","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,8928414","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8934824","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,8935403","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 977.736, Length: 4.096"
"12:27:13,8937236","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:13,8962945","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8967750","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:13,8969723","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:13,8992633","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,8999808","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:13,9001454","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:13,9007990","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 956.892, Length: 4.096"
"12:27:13,9010831","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,9018472","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 112.640, Length: 4.096"
"12:27:13,9022857","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 956.892, Length: 4.096"
"12:27:13,9046070","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9051309","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:13,9053311","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,9068836","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 976.384, Length: 4.096"
"12:27:13,9076566","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9080923","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:13,9082565","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,9104210","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9108241","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:13,9109860","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:13,9115500","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9119913","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,9129140","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9134757","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:13,9136772","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,9151621","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9158735","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 967.680, Length: 4.096"
"12:27:13,9159598","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:13,9163260","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:13,9166008","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:13,9173537","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:13,9177190","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:27:13,9181575","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:13,9185134","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:11, LastWriteTime: 06.10.2013 12:27:11, ChangeTime: 06.10.2013 12:27:11, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:13,9224894","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:13,9266972","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9272551","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:13, FileAttributes: ANCI"
"12:27:13,9274534","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:13,9280939","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9285404","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:13,9291016","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,9302743","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgkrnl.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:13,9305011","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9309461","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:13,9312703","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,9326698","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9333140","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:13,9336341","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,9349608","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9354016","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:13,9357189","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,9379702","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9384451","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:13, FileAttributes: ANCI"
"12:27:13,9386098","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:13,9407748","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9411769","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:13, FileAttributes: DNCI"
"12:27:13,9413402","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:13,9435080","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9439087","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:13,9441033","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:13,9462268","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9465953","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,9467572","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,9488812","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9492814","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:13,9494801","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:13,9516452","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9520118","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:13,9522465","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:13,9542981","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9546975","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:13,9548598","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:13,9570267","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9574246","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:13,9576243","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,9597931","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9602316","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:13,9603948","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,9625976","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9632041","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:13,9633669","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:13,9639664","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9644427","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,9650897","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9656849","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:13,9659728","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,9675775","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9683799","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:13, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:13,9687778","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:13,9690242","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:13,9700178","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:13,9705781","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:13, FileAttributes: ANCI"
"12:27:13,9730328","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:27:13,9818706","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:13,9843170","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9847919","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:13, FileAttributes: DNCI"
"12:27:13,9849584","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:13,9855611","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9860407","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:13,9864419","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:13,9877681","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9882412","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:13,9885663","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:13,9898496","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9902900","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:13,9905769","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:13,9919797","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9924592","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:13,9927788","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:13,9951864","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:13,9974345","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:13,9978706","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:13, FileAttributes: DNCI"
"12:27:13,9980367","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:14,0003193","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:14,0007224","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:14,0008842","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:14,0031729","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:14,0035750","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:14,0037695","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:14,0043401","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:14,0047823","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,0050692","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:14,0053440","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:14,0055441","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:14,0057106","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:14,0058576","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:14,0059472","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:14,0062597","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:14,0064225","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:14,0085484","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:14,0089477","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:14,0091091","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:14,0111566","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:14,0112055","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:14,0115951","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:14,0117602","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:14,0128061","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,0148023","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:14,0152067","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:14,0153686","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:14,0159778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:14,0175761","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:14,0179754","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:14,0181368","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:14,0188599","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,0194985","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.864.382, Length: 16.200"
"12:27:14,0198587","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.879.488, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,0203396","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:14,0207394","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:14,0209022","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:14,0214653","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:14,0219085","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:14,0226684","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:14,0230225","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,0235398","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\dxgmms1.sys","NO SUCH FILE","Filter: dxgmms1.sys"
"12:27:14,0235613","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:14,0238486","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:14,0238668","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:14,0247718","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:13, FileAttributes: ANCI"
"12:27:14,0262352","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,0262567","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:14,0267171","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Filter: dxgmms1.sys, 1: dxgmms1.sys"
"12:27:14,0271953","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:14,0298879","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,0304473","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:14,0306488","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:14,0309665","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:14,0312930","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,0316886","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:14,0320128","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:14,0356795","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,0357388","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:14,0358983","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:14, LastWriteTime: 06.10.2013 12:27:14, ChangeTime: 06.10.2013 12:27:14, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:27:14,0361199","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:14,0363224","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:14,0370426","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,0374410","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:14,0378861","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:14,0380680","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:14,0392319","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:13, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:14,0394092","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,0398062","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:14,0401318","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:14,0407527","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:27:14,0433026","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 250.992, Length: 4.096"
"12:27:14,0437043","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 249.856, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,0452675","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:14,0470687","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 250.888, Length: 4.096"
"12:27:14,0487994","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,0530529","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 258.048, Length: 7.016"
"12:27:14,0534098","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 258.048, Length: 7.016, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,0550453","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 250.368, Length: 4.096"
"12:27:14,0557633","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 254.464, Length: 4.096"
"12:27:14,0560479","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 65.024, Length: 4.096"
"12:27:14,0575696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 254.976, Length: 4.096"
"12:27:14,0613361","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,0626652","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:14,0656601","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 67.072, Length: 4.096"
"12:27:14,0672667","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:14,0678708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 262.144, Length: 2.920"
"12:27:14,0684297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:14,0741126","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,0747186","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 4.096, Length: 57.752"
"12:27:14,0750727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 61.848, Length: 61.440"
"12:27:14,0753973","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 123.288, Length: 61.440"
"12:27:14,0761983","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 131.072, Length: 57.344, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,0782103","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 184.728, Length: 61.440"
"12:27:14,0788047","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 246.168, Length: 11.880"
"12:27:14,1025565","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 259.400, Length: 4.096"
"12:27:14,1067041","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.974.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1094238","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 250.992, Length: 4.096"
"12:27:14,1097033","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,1104641","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 74.752, Length: 4.096"
"12:27:14,1106204","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.974.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1108649","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.974.859, Length: 2.920"
"12:27:14,1109437","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 250.992, Length: 4.096"
"12:27:14,1113831","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.977.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1146370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:14,1190851","SynTPEnh.exe","3172","RegOpenKey","HKLM\Software\Policies\Microsoft\Windows\Control Panel\Desktop","SUCCESS","Desired Access: Read"
"12:27:14,1195315","SynTPEnh.exe","3172","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\WheelScrollLines","NAME NOT FOUND","Length: 16"
"12:27:14,1198510","SynTPEnh.exe","3172","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop","SUCCESS",""
"12:27:14,1201683","SynTPEnh.exe","3172","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"12:27:14,1213863","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.977.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1218654","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.977.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1221793","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 256.512, Length: 4.096"
"12:27:14,1223739","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.977.779, Length: 5.840"
"12:27:14,1240654","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.983.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1338153","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxgmms1.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,1380236","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:58110 -> minnetonka.rhrk.uni-kl.de:domain","SUCCESS","Length: 44, seqnum: 0, connid: 0"
"12:27:14,1523885","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:58110 -> minnetonka.rhrk.uni-kl.de:domain","SUCCESS","Length: 344, seqnum: 0, connid: 0"
"12:27:14,1679924","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.983.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1682793","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.983.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1685191","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.983.619, Length: 1.460"
"12:27:14,1688391","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.985.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1819562","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.985.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1825967","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.985.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1827646","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.985.079, Length: 7.300"
"12:27:14,1832834","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.992.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1854843","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.992.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1857703","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.992.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1860852","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.992.379, Length: 2.920"
"12:27:14,1864887","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.995.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1892905","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.995.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1895746","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 407.995.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1897780","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 407.995.299, Length: 5.840"
"12:27:14,1900999","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.001.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1974137","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.001.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1977355","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.001.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,1979021","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.001.139, Length: 2.920"
"12:27:14,1982216","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.004.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,2008093","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.004.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,2011289","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.004.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,2013691","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.004.059, Length: 5.840"
"12:27:14,2017339","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.009.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,2045665","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.009.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,2049220","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.009.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,2051636","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.009.899, Length: 1.460"
"12:27:14,2055643","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.011.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,2077107","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.011.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,2080723","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.011.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,2083130","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.011.359, Length: 5.840"
"12:27:14,2087104","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.017.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,2146686","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.017.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,2151719","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.017.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,2154159","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.017.199, Length: 4.380"
"12:27:14,2158101","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.021.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,2207331","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:14,2211716","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,2214174","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:14,2216912","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:14,2218578","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:14,2220985","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:14,2223779","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:14,2264211","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:14,2270985","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,2290601","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:14,2321758","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,2329386","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 83.490, Length: 16.200"
"12:27:14,2354656","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,2360240","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\HDAudBus.sys","NO SUCH FILE","Filter: HDAudBus.sys"
"12:27:14,2363907","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:14,2383924","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,2388752","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\HDAudBus.sys","SUCCESS","Filter: HDAudBus.sys, 1: hdaudbus.sys"
"12:27:14,2393926","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:14,2426828","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,2434115","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:14,2436923","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:14,2444947","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,2448968","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:14,2452560","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:14,2479799","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,2483041","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:14,2484669","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:14,2491051","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,2495819","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:14,2499495","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:14,2513494","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,2517119","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:14,2520707","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:14,2548799","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 70.152, Length: 4.096"
"12:27:14,2554407","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:14,2585760","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,2628277","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 115.712, Length: 4.096"
"12:27:14,2632713","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 71.168, Length: 4.096"
"12:27:14,2654741","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 118.272, Length: 4.096"
"12:27:14,2663997","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,2669147","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 68.608, Length: 4.096"
"12:27:14,2724987","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,2732955","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:14,2736164","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 70.152, Length: 4.096"
"12:27:14,2740965","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,2746217","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:14,2751447","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:14,2757031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:14,2762228","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:14,2767121","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:14,2772323","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:14,2777524","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:14,2783122","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:14,2788338","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:14,2793539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:14,2798736","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:14,2803620","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:14,2808817","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:14,2814014","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:14,2819206","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:14,2826007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:14,2831661","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:14,2836877","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:14,2842069","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:14,2847359","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:14,2852556","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:14,2857757","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:14,2862959","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:14,2868972","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:14,2874239","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:14,2879450","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:14,2884642","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:14,2889843","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:14,2895035","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 118.784, Length: 3.584"
"12:27:14,2913094","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 70.152, Length: 4.096"
"12:27:14,2917899","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,2923133","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:14,2927980","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:14,2932747","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:14,2937212","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:14,2941961","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:14,2946057","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:14,2950451","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:14,2954883","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:14,2959683","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:14,2964105","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:14,2968495","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:14,2972894","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:14,2977298","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:14,2981734","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:14,2986148","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:14,2990551","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:14,2994955","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:14,2999354","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:14,3003758","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:14,3007840","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:14,3012230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:14,3016633","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:14,3021811","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:14,3027064","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:14,3031888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:14,3036693","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:14,3041115","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:14,3045514","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:14,3049918","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 118.784, Length: 3.584"
"12:27:14,3069175","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 70.152, Length: 4.096"
"12:27:14,3238925","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hdaudbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,3441941","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:27:14,3446382","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:27:14,3449998","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:27:14,3454397","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:27:14,3456818","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:27:14,3459174","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:14,3461973","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:14,3464422","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:14,3467240","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:14,3469656","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:14,3471690","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:14,3474088","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:14,3476467","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:14,3478865","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:14,3480512","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:14,3482877","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:14,3485708","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3488134","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:14,3491703","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:14,3494945","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:14,3498150","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:14,3501751","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:14,3504965","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:14,3508516","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:14,3510997","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:14,3514557","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:14,3517020","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:14,3520145","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:14,3527595","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3531575","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:14,3535185","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3544095","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3548079","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:14,3552105","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3555301","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:14,3559289","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:14,3559327","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3562508","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3563311","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3565718","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:14,3565741","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:14,3568503","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:14,3569296","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3570154","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:14,3571708","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:14,3572127","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:14,3574521","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:14,3575365","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3578145","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:14,3580557","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3582535","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:14,3585815","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3588184","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:14,3590587","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3592597","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:14,3595770","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3598205","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3600234","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:14,3602609","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3604619","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:14,3607040","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3609042","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:14,3609391","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\hdaudbus.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:14,3611085","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3613086","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:14,3613884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\hdaudbus.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,3628439","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3631919","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\hdaudbus.sys.mui","SUCCESS","Offset: 184, Length: 3.912"
"12:27:14,3632488","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:14,3636514","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3639695","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:14,3643707","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3646124","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3648489","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:14,3650882","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3652776","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\hdaudbus.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,3652902","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:14,3655300","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3656965","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:14,3658780","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.090.696, Length: 16.200"
"12:27:14,3659340","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3660977","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:14,3669402","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3671781","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:14,3674193","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3676185","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:27:14,3678224","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3678881","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,3684862","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\HDAudBus.sys.mui","NO SUCH FILE","Filter: HDAudBus.sys.mui"
"12:27:14,3688510","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:14,3694350","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3697168","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:14,3699986","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3702360","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:14,3705117","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3706559","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,3707165","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3709176","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:14,3710543","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\HDAudBus.sys.mui","SUCCESS","Filter: HDAudBus.sys.mui, 1: hdaudbus.sys.mui"
"12:27:14,3711536","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,3713225","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:14,3714181","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:14,3715609","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3717601","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:14,3719635","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:14,3721995","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:14,3744644","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,3750246","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:14,3752266","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:14,3758667","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,3762315","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:14,3766695","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:14,3794788","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,3798021","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:14,3799649","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:14,3806003","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,3809282","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:14,3812832","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:14,3827690","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,3832495","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:14,3836530","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:14,4439906","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,4443069","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,4445089","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976242, endtime: 976242, seqnum: 0, connid: 0"
"12:27:14,4508682","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.021.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,4511887","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.021.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,4514275","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.021.579, Length: 2.920"
"12:27:14,4517956","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.024.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,4629515","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:14,4632319","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:14,4634353","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:14,4637539","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:14,4641159","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:14,4754593","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,4757802","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976242, endtime: 976242, seqnum: 0, connid: 0"
"12:27:14,4768579","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,4770253","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,4771835","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976242, endtime: 976243, seqnum: 0, connid: 0"
"12:27:14,4866646","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.024.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,4870705","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.024.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,4873130","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.024.499, Length: 1.460"
"12:27:14,4876695","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.025.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,4906373","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.025.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,4909200","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.027.136, EndOfFile: 408.025.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,4914019","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.025.959, Length: 2.920, Priority: Normal"
"12:27:14,4942354","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.028.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5075512","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,5078717","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976243, endtime: 976243, seqnum: 0, connid: 0"
"12:27:14,5086773","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,5088747","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976243, endtime: 976243, seqnum: 0, connid: 0"
"12:27:14,5135621","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.028.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5139175","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.028.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5141587","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.028.879, Length: 1.460"
"12:27:14,5144853","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.030.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5175306","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.030.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5178100","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.030.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5180059","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.030.339, Length: 1.460"
"12:27:14,5182872","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.031.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5440110","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,5442932","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,5444947","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976243, endtime: 976243, seqnum: 0, connid: 0"
"12:27:14,5453410","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,5455397","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976243, endtime: 976243, seqnum: 0, connid: 0"
"12:27:14,5506651","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:14,5511410","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.031.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5511466","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,5514605","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.031.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5517012","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.031.799, Length: 2.920"
"12:27:14,5517656","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:14,5522088","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:14,5523903","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.034.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5524336","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:14,5527966","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:14,5531119","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:14,5547004","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.034.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5549812","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.034.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5551771","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.034.719, Length: 1.460"
"12:27:14,5554584","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.036.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5568024","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:14,5572852","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,5605755","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:14,5635718","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,5641754","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 7.512, Length: 16.200"
"12:27:14,5663428","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,5667883","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\HECIx64.sys","NO SUCH FILE","Filter: HECIx64.sys"
"12:27:14,5671051","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:14,5687075","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,5690746","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Filter: HECIx64.sys, 1: HECIx64.sys"
"12:27:14,5694726","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:14,5721162","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,5726844","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:14,5728864","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:14,5735269","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,5739216","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:14,5742448","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:14,5758533","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,5762107","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976243, endtime: 976243, seqnum: 0, connid: 0"
"12:27:14,5768540","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,5771777","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:14,5773727","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:14,5777725","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,5779344","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,5779792","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,5780944","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976243, endtime: 976244, seqnum: 0, connid: 0"
"12:27:14,5783403","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:14,5786635","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:14,5799833","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,5803448","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:14,5806653","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:14,5834312","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 51.812, Length: 4.096"
"12:27:14,5839536","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:14,5855603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 9.108, Length: 4.096"
"12:27:14,5872448","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,5897149","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.036.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5899972","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.036.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5901926","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.036.179, Length: 1.460"
"12:27:14,5908369","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.037.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5912553","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 56.320, Length: 8.304"
"12:27:14,5918981","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 51.712, Length: 4.096"
"12:27:14,5923035","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 48.640, Length: 4.096"
"12:27:14,5933508","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.037.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5937082","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.037.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5939144","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.037.639, Length: 2.920"
"12:27:14,5942731","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.040.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,5944620","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 56.320, Length: 4.096"
"12:27:14,5948306","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 53.760, Length: 4.096"
"12:27:14,5957486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,5968748","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 56.320, Length: 4.096"
"12:27:14,5989633","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 60.416, Length: 4.208"
"12:27:14,5993645","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:14,6042590","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,6047782","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 4.096, Length: 52.224"
"12:27:14,6085335","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,6088162","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,6090178","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976244, endtime: 976244, seqnum: 0, connid: 0"
"12:27:14,6098561","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,6100235","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976244, endtime: 976244, seqnum: 0, connid: 0"
"12:27:14,6110727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 60.904, Length: 3.720"
"12:27:14,6152786","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.040.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6156724","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.040.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6159159","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.040.559, Length: 2.920"
"12:27:14,6162821","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.043.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6174138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 51.812, Length: 4.096"
"12:27:14,6176555","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,6179685","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.043.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6182167","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.043.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6184126","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.043.479, Length: 1.460"
"12:27:14,6184182","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 50.176, Length: 4.096"
"12:27:14,6186958","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.044.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6218302","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 56.320, Length: 4.096"
"12:27:14,6288925","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 55.808, Length: 4.096"
"12:27:14,6406973","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,6410159","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,6412193","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976244, endtime: 976244, seqnum: 0, connid: 0"
"12:27:14,6426911","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,6430111","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976244, endtime: 976244, seqnum: 0, connid: 0"
"12:27:14,6443383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\HECIx64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,6503305","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.044.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6506477","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.044.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6508446","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.044.939, Length: 2.920"
"12:27:14,6515691","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.047.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6539977","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.047.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6542440","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.047.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6544404","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.047.859, Length: 1.460"
"12:27:14,6546867","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.049.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6736271","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,6739438","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976244, endtime: 976244, seqnum: 0, connid: 0"
"12:27:14,6763976","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,6767106","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,6768767","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,6771179","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976244, endtime: 976244, seqnum: 0, connid: 0"
"12:27:14,6835057","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.049.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6837879","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.049.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6839838","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.049.319, Length: 1.460"
"12:27:14,6842245","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.050.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6876099","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.050.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6882164","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.050.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6886120","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.050.779, Length: 2.920"
"12:27:14,6890174","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.053.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6911250","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.053.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6914100","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.053.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6916069","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.053.699, Length: 1.460"
"12:27:14,6918518","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.055.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,6954159","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:14,6958147","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,6960554","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:14,6963372","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:14,6965019","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:14,6966983","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:14,6969003","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:14,7003528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:14,7007970","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,7029111","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:14,7056336","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,7061379","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,7062387","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 661.668, Length: 16.200"
"12:27:14,7064211","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,7066539","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976245, endtime: 976245, seqnum: 0, connid: 0"
"12:27:14,7076965","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,7078598","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,7079852","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976245, endtime: 976245, seqnum: 0, connid: 0"
"12:27:14,7083640","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,7088077","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\usbehci.sys","NO SUCH FILE","Filter: usbehci.sys"
"12:27:14,7091244","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:14,7106550","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,7110525","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Filter: usbehci.sys, 1: usbehci.sys"
"12:27:14,7114532","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:14,7132026","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.055.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7134848","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.055.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7136504","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.055.159, Length: 2.920"
"12:27:14,7139648","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.058.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7140619","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,7145853","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:14,7147864","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:14,7154222","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,7157833","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:14,7161448","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:14,7177374","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.058.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7180934","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.058.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7183341","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.058.079, Length: 2.920"
"12:27:14,7186956","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.060.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7187129","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,7190348","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:14,7191971","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:14,7197998","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,7201581","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:14,7204809","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:14,7217652","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,7221267","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:14,7225676","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:14,7257038","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 50.788, Length: 1.948"
"12:27:14,7263835","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:14,7280671","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 27.444, Length: 4.096"
"12:27:14,7297573","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,7348137","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 50.688, Length: 2.048"
"12:27:14,7352876","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 46.080, Length: 4.096"
"12:27:14,7362929","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 51.712, Length: 1.024"
"12:27:14,7373071","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,7381650","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,7384486","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,7386502","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976245, endtime: 976245, seqnum: 0, connid: 0"
"12:27:14,7396956","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,7398878","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,7400137","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976245, endtime: 976245, seqnum: 0, connid: 0"
"12:27:14,7444763","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 50.788, Length: 1.948"
"12:27:14,7448387","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,7454988","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.060.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7456794","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 48.128, Length: 4.096"
"12:27:14,7457820","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.060.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7459462","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.060.999, Length: 2.920"
"12:27:14,7462588","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.063.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7463264","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,7468871","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:14,7474446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:14,7480058","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:14,7485274","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:14,7489738","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.063.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7492080","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:14,7492887","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.063.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7494958","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.063.919, Length: 2.920"
"12:27:14,7498951","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:14,7498970","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.066.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7504559","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:14,7509783","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:14,7515825","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:14,7525010","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:14,7534522","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:14,7540950","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 49.152, Length: 3.584"
"12:27:14,7561420","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,7566221","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:14,7570634","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:14,7574725","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:14,7579133","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:14,7583546","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:14,7587955","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:14,7592359","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:14,7596762","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:14,7601171","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:14,7605584","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:14,7609988","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:14,7614405","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 49.152, Length: 3.584"
"12:27:14,7699406","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,7702205","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,7704207","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976245, endtime: 976245, seqnum: 0, connid: 0"
"12:27:14,7712622","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,7714610","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976245, endtime: 976245, seqnum: 0, connid: 0"
"12:27:14,7764007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbehci.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,7764367","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.066.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7767492","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.066.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7769120","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.066.839, Length: 2.920"
"12:27:14,7772325","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.069.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7801533","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.069.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7804313","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.069.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,7805941","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.069.759, Length: 1.460"
"12:27:14,7808703","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.071.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,8216102","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:14,8220463","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,8226519","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:14,8228930","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:14,8230913","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:14,8232551","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:14,8234575","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:14,8268686","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:14,8273467","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,8290947","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:14,8323476","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,8329848","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 518.136, Length: 16.200"
"12:27:14,8351522","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,8355958","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\USBPORT.SYS","NO SUCH FILE","Filter: USBPORT.SYS"
"12:27:14,8359117","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:14,8374796","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,8378448","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\USBPORT.SYS","SUCCESS","Filter: USBPORT.SYS, 1: usbport.sys"
"12:27:14,8382428","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:14,8408920","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,8414504","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:14,8416505","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:14,8423354","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,8427342","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:14,8430561","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:14,8456648","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,8459885","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:14,8461831","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:14,8467872","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,8471473","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:14,8474701","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:14,8487964","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:14,8491579","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:14,8494784","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:14,8520404","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 209.508, Length: 4.096"
"12:27:14,8526362","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 208.896, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,8542717","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:14,8573571","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,8585686","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 274.950, Length: 4.096"
"12:27:14,8589292","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 274.432, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,8609370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:27:14,8618915","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 274.950, Length: 4.096"
"12:27:14,8638261","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,8643817","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:14,8650665","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:14,8654266","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 193.536, Length: 4.096"
"12:27:14,8657481","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 192.512, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,8665472","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,8668280","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,8669838","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,8670706","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,8671872","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,8674699","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,8675884","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,8677120","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 10220, startime: 976246, endtime: 976246, seqnum: 0, connid: 0"
"12:27:14,8688274","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,8689893","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,8691139","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976246, endtime: 976246, seqnum: 0, connid: 0"
"12:27:14,8696919","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 235.520, Length: 4.096"
"12:27:14,8700888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 233.472, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,8714370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 321.536, Length: 3.584"
"12:27:14,8718023","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 319.488, Length: 5.632, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,8735661","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,8749358","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.071.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,8752199","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.071.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,8753846","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.071.219, Length: 7.300"
"12:27:14,8757400","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.078.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,8761725","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 162.816, Length: 4.096"
"12:27:14,8764556","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 159.744, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,8790354","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:14,8794585","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.078.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,8797071","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.078.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,8799017","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.078.519, Length: 2.920"
"12:27:14,8801876","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.081.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,8840125","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.081.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,8841986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 209.508, Length: 4.096"
"12:27:14,8842569","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.081.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,8844197","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.081.439, Length: 2.920"
"12:27:14,8845531","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,8846614","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.084.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,8853154","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 199.680, Length: 4.096"
"12:27:14,8856042","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 200.704, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:14,8870191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 209.508, Length: 4.096"
"12:27:14,8876582","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,8882189","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:14,8887414","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:14,8893030","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:14,8898265","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:14,8903485","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:14,8908700","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:14,8913906","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:14,8919117","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:14,8924762","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:14,8931130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:14,8937133","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:14,8945386","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:14,8951814","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:14,8957403","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:14,8965874","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:14,8969145","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,8972373","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976247, endtime: 976247, seqnum: 0, connid: 0"
"12:27:14,8972648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:14,8978297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:14,8983849","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:14,8984875","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,8986480","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:14,8988061","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976247, endtime: 976247, seqnum: 0, connid: 0"
"12:27:14,8988752","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:14,8993958","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:14,8999159","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:14,9004365","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:14,9009996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:14,9018915","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:14,9026188","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:14,9031786","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:14,9037025","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:14,9047176","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:14,9054761","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:14,9060415","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:14,9066055","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:14,9066456","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.084.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,9069675","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.084.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,9071322","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.084.359, Length: 4.380"
"12:27:14,9072073","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:14,9074858","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.088.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:14,9081356","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:14,9087314","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:14,9092571","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:14,9097796","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:14,9103007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:14,9108218","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:14,9113424","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:14,9118653","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:14,9125814","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:14,9134332","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:14,9140742","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:14,9146321","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:14,9151537","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:14,9156752","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:14,9161963","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:14,9167169","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:14,9172380","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:14,9177274","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:14,9182484","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:14,9187690","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:14,9192897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:14,9198107","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:14,9203309","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:14,9208524","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:14,9213735","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:14,9218951","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:14,9224605","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:14,9229820","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:14,9235022","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:14,9240237","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:14,9247435","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:14,9252702","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:14,9257913","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:14,9263114","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:14,9268325","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:14,9273536","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:14,9278742","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:14,9283948","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:14,9289150","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:14,9294346","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:14,9299552","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:14,9306648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:14,9314261","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:14,9319873","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:14,9330239","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:14,9335487","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:14,9340707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 323.584, Length: 1.536"
"12:27:14,9358415","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 209.508, Length: 4.096"
"12:27:14,9363608","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:14,9368366","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:14,9372779","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:14,9376866","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:14,9381274","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:14,9385682","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:14,9390086","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:14,9394499","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:14,9398908","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:14,9403321","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:14,9407729","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:14,9412133","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:14,9416546","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:14,9422153","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:14,9426613","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:14,9431022","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:14,9435425","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:14,9439829","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:14,9444237","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:14,9448641","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:14,9453050","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:14,9457449","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:14,9461857","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:14,9466256","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:14,9470343","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:14,9474747","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:14,9479150","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:14,9483559","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:14,9487958","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:14,9492366","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:14,9496770","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:14,9501178","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:14,9505587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:14,9509986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:14,9514072","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:14,9518476","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:14,9523267","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:14,9527718","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:14,9532900","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:14,9537659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:14,9541759","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:14,9546154","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:14,9550557","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:14,9554957","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:14,9559370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:14,9563778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:14,9568177","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:14,9572586","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:14,9576989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:14,9581388","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:14,9585484","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:14,9589888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:14,9594287","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:14,9598691","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:14,9603099","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:14,9607503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:14,9611907","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:14,9616306","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:14,9621587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:14,9626401","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:14,9630814","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:14,9635213","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:14,9639626","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:14,9644837","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:14,9649255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:14,9653663","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:14,9658067","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:14,9662475","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:14,9666884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:14,9671292","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:14,9675691","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:14,9680086","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:14,9684177","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:14,9688576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:14,9692985","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:14,9697388","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:14,9701685","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:14,9701811","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:14,9705356","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,9706224","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:14,9707740","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:14,9710534","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:14,9710642","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:14,9712554","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:14,9714570","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,9715059","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 323.584, Length: 1.536"
"12:27:14,9716515","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:14,9718936","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:14,9721800","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:14,9723391","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:14,9725392","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:14,9727020","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:14,9738230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 209.508, Length: 4.096"
"12:27:14,9820848","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 215.040, Length: 4.096"
"12:27:14,9826124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 219.136, Length: 4.096"
"12:27:14,9945967","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,0226502","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:15,0230556","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:15,0232977","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:15,0235347","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:15,0237311","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:15,0238957","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:15,0240968","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:15,0275424","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbport.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:15,0279897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbport.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,0298772","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbport.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:15,0322946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbport.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,0328997","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.447.232, Length: 16.200"
"12:27:15,0332565","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.457.600, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,0361498","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,0366293","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\USBPORT.SYS.mui","NO SUCH FILE","Filter: USBPORT.SYS.mui"
"12:27:15,0369451","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:15,0384767","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,0388737","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\USBPORT.SYS.mui","SUCCESS","Filter: USBPORT.SYS.mui, 1: usbport.sys.mui"
"12:27:15,0392380","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:15,0418037","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,0424041","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:15,0426057","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:15,0432116","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,0436063","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:15,0439300","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:15,0465406","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,0468634","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:15,0470579","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:15,0476588","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,0479872","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:15,0483413","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:15,0496316","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,0500253","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:15,0503141","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:15,0609424","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbport.sys.mui","SUCCESS","Offset: 23.040, Length: 2.048"
"12:27:15,0618255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbport.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,0767856","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbport.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:15,0772694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbport.sys.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:15,0777494","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbport.sys.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:15,0781562","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbport.sys.mui","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:15,0785943","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbport.sys.mui","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:15,0919954","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbport.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,1422351","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:15,1427170","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:15,1429946","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:15,1432348","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:15,1434326","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:15,1435978","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:15,1437998","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:15,1472080","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:15,1478872","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,1496753","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:15,1550951","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,1557403","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 11.456.612, Length: 4.096"
"12:27:15,1561382","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 11.456.512, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,1576996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:15,1607477","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,1650395","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 11.456.512, Length: 4.096"
"12:27:15,1655582","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 4.332.032, Length: 4.096"
"12:27:15,1660425","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 4.329.472, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,1684459","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 11.460.096, Length: 4.096"
"12:27:15,1706501","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 11.476.480, Length: 4.096"
"12:27:15,1709757","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 11.472.896, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,1730554","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,1769101","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 4.627.456, Length: 4.096"
"12:27:15,1773052","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 4.624.384, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,1826107","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 11.456.612, Length: 4.096"
"12:27:15,1894715","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 11.462.144, Length: 4.096"
"12:27:15,1898293","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 11.464.704, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,1915045","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 11.466.240, Length: 4.096"
"12:27:15,1918656","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 11.468.800, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,2032496","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Netwsw00.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,2595925","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:15,2600758","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:15,2603202","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:15,2605582","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:15,2607233","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:15,2609188","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:15,2611968","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:15,2655651","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:15,2660820","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,2679382","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:15,2702376","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,2708384","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.710.968, Length: 16.200"
"12:27:15,2730426","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,2734881","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\vwifibus.sys","NO SUCH FILE","Filter: vwifibus.sys"
"12:27:15,2738040","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:15,2753733","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,2757712","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Filter: vwifibus.sys, 1: vwifibus.sys"
"12:27:15,2761714","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:15,2787764","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,2793021","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:15,2795027","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:15,2801442","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,2805066","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:15,2808290","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:15,2835100","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,2838332","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:15,2839960","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:15,2846002","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,2849612","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:15,2853158","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:15,2866066","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,2869681","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:15,2872877","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:15,2898539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 6.036, Length: 4.096"
"12:27:15,2903745","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:15,2931749","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:15,2934954","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:15,2939474","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,2942171","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:15,2945777","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:15,2948188","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:15,2950554","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:15,2952569","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:15,2954636","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:15,2957029","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:15,2959039","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:15,2961022","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:15,2962991","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:15,2965010","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:15,2967856","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:15,2969848","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:15,2971817","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:15,2973468","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:15,2975479","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:15,2978250","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:15,2979915","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:15,2985373","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:15,2990533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 11.264, Length: 4.096"
"12:27:15,3000558","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 22.528, Length: 2.048"
"12:27:15,3009407","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,3013839","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 5.120, Length: 4.096"
"12:27:15,3076719","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,3087187","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 12.800, Length: 4.096"
"12:27:15,3090770","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 6.036, Length: 4.096"
"12:27:15,3191897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 10.132, Length: 4.096"
"12:27:15,3313887","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifibus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,3591137","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:15,3595480","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:15,3597916","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:15,3600299","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:15,3601951","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:15,3603915","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:15,3605930","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:15,3641622","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\vwifibus.sys.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Synchronous"
"12:27:15,3646110","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\vwifibus.sys.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,3665927","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\vwifibus.sys.mui","SUCCESS","Offset: 184, Length: 2.376"
"12:27:15,3684321","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\vwifibus.sys.mui","SUCCESS","Offset: 0, Length: 2.560"
"12:27:15,3689583","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 809.088, Length: 16.200"
"12:27:15,3710011","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,3714438","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\vwifibus.sys.mui","NO SUCH FILE","Filter: vwifibus.sys.mui"
"12:27:15,3717270","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:15,3734082","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,3737744","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\vwifibus.sys.mui","SUCCESS","Filter: vwifibus.sys.mui, 1: vwifibus.sys.mui"
"12:27:15,3741728","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:15,3767437","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,3773002","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:15,3775013","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:15,3781404","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,3785033","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:15,3788266","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:15,3814344","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,3817581","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:15,3819209","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:15,3830508","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,3836138","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:15,3841708","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:15,3858199","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,3862211","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:15,3866242","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:15,4073433","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,4076983","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,4078998","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976252, endtime: 976252, seqnum: 0, connid: 0"
"12:27:15,4089453","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,4091071","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,4092639","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976252, endtime: 976252, seqnum: 0, connid: 0"
"12:27:15,4147826","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.088.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4153074","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.088.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4157478","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.088.739, Length: 2.920"
"12:27:15,4161863","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.091.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4206801","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.091.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4209586","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.092.672, EndOfFile: 408.091.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4213252","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.091.659, Length: 2.920, Priority: Normal"
"12:27:15,4240048","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.094.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4407508","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,4410349","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,4412369","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976252, endtime: 976252, seqnum: 0, connid: 0"
"12:27:15,4437224","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,4439258","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,4440461","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,4442066","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976252, endtime: 976252, seqnum: 0, connid: 0"
"12:27:15,4488450","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.094.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4491282","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.094.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4492924","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.094.579, Length: 2.920"
"12:27:15,4501181","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.097.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4528130","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.097.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4530920","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.097.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4534787","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.097.499, Length: 4.380"
"12:27:15,4539256","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.101.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4628274","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:15,4631096","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:15,4633461","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:15,4636722","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:15,4640660","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:15,4725619","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,4728791","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976252, endtime: 976252, seqnum: 0, connid: 0"
"12:27:15,4740812","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,4742422","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,4743686","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976252, endtime: 976252, seqnum: 0, connid: 0"
"12:27:15,4758885","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,4760536","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,4762122","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976252, endtime: 976252, seqnum: 0, connid: 0"
"12:27:15,4788624","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:15,4794371","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:15,4797558","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:15,4799993","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:15,4801971","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:15,4803935","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:15,4805950","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:15,4842090","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:15,4848886","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,4857069","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.101.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4860283","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.101.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4862261","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.101.879, Length: 4.380"
"12:27:15,4865848","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.106.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4881364","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:15,4919155","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,4926008","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.365.558, Length: 16.200"
"12:27:15,4948069","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,4952519","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\RtsPStor.sys","NO SUCH FILE","Filter: RtsPStor.sys"
"12:27:15,4955668","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:15,4971366","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,4975350","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Filter: RtsPStor.sys, 1: RtsPStor.sys"
"12:27:15,4979348","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:15,4987987","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.106.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4990824","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.106.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,4994775","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.106.259, Length: 2.920"
"12:27:15,4998022","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.109.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,5007464","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,5012703","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:15,5015026","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:15,5022261","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,5025919","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:15,5029151","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:15,5054786","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,5057221","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,5059222","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976253, endtime: 976253, seqnum: 0, connid: 0"
"12:27:15,5071640","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,5073268","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,5074449","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,5076011","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976253, endtime: 976253, seqnum: 0, connid: 0"
"12:27:15,5081539","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,5086773","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:15,5089568","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:15,5098371","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,5103591","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:15,5108755","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:15,5128437","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,5133312","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:15,5138471","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:15,5169810","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 328.292, Length: 4.096"
"12:27:15,5174550","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 327.680, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,5189016","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:15,5208488","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.109.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,5211320","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.109.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,5212952","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.109.179, Length: 7.300"
"12:27:15,5216512","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.116.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,5223976","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,5267668","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 333.312, Length: 6.800"
"12:27:15,5271312","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 335.872, Length: 4.240, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,5287308","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 328.192, Length: 4.096"
"12:27:15,5291758","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 314.880, Length: 4.096"
"12:27:15,5294567","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 311.296, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,5333207","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 333.312, Length: 4.096"
"12:27:15,5338026","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 331.264, Length: 4.096"
"12:27:15,5347272","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,5364192","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 333.312, Length: 4.096"
"12:27:15,5375308","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,5378481","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,5380496","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976253, endtime: 976253, seqnum: 0, connid: 0"
"12:27:15,5388552","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,5389868","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 337.408, Length: 2.704"
"12:27:15,5390530","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976253, endtime: 976253, seqnum: 0, connid: 0"
"12:27:15,5395858","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:15,5455504","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.116.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,5458667","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.116.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,5460043","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,5464181","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.116.479, Length: 2.920"
"12:27:15,5467260","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 4.096, Length: 57.760"
"12:27:15,5470899","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 61.856, Length: 61.440"
"12:27:15,5474897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 123.296, Length: 61.440"
"12:27:15,5475396","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.119.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,5492890","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.119.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,5495703","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.119.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,5497056","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 184.736, Length: 61.440"
"12:27:15,5497681","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.119.399, Length: 1.460"
"12:27:15,5500139","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.120.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,5501109","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 246.176, Length: 61.440"
"12:27:15,5519448","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 307.616, Length: 25.696"
"12:27:15,5833556","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 337.935, Length: 2.177"
"12:27:15,5902952","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 328.292, Length: 4.096"
"12:27:15,5906195","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,5914237","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 322.048, Length: 4.096"
"12:27:15,5917834","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 328.292, Length: 4.096"
"12:27:15,5962804","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 333.312, Length: 4.096"
"12:27:15,6025609","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,6028455","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,6030008","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,6030867","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,6032038","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,6034846","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,6036031","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,6037626","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 10220, startime: 976254, endtime: 976254, seqnum: 0, connid: 0"
"12:27:15,6043980","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 332.800, Length: 4.096"
"12:27:15,6049573","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,6052382","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976254, endtime: 976254, seqnum: 0, connid: 0"
"12:27:15,6112686","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.120.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6115527","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.120.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6117491","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.120.859, Length: 10.220"
"12:27:15,6123523","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.131.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6135447","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\RtsPStor.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,6160922","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.131.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6163726","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.131.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6165690","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.131.079, Length: 1.460"
"12:27:15,6168153","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.132.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6325359","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,6328531","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976254, endtime: 976254, seqnum: 0, connid: 0"
"12:27:15,6340562","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,6343720","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976254, endtime: 976254, seqnum: 0, connid: 0"
"12:27:15,6476472","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.132.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6480834","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.132.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6485168","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.132.539, Length: 1.460"
"12:27:15,6491955","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.133.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6504789","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.133.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6507938","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.133.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6509589","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.133.999, Length: 1.460"
"12:27:15,6512393","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.135.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6695830","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,6698633","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,6700639","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976254, endtime: 976254, seqnum: 0, connid: 0"
"12:27:15,6709032","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,6710552","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:15,6711014","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976254, endtime: 976254, seqnum: 0, connid: 0"
"12:27:15,6714625","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:15,6717391","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:15,6719780","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:15,6721832","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:15,6723806","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:15,6727995","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:15,6773521","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.135.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6778736","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.135.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6780700","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.135.459, Length: 2.920"
"12:27:15,6783900","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.138.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6787987","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:15,6793132","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,6824280","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:15,6854034","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,6860514","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.142.348, Length: 16.200"
"12:27:15,6886544","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,6891363","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\L1C62x64.sys","NO SUCH FILE","Filter: L1C62x64.sys"
"12:27:15,6894568","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:15,6904243","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.138.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6907056","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.138.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6909011","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.138.379, Length: 1.460"
"12:27:15,6911479","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.139.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,6928585","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,6933367","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Filter: L1C62x64.sys, 1: L1C62x64.sys"
"12:27:15,6937785","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:15,6964674","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,6970258","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:15,6972273","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:15,6978351","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,6982303","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:15,6985531","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:15,7011636","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,7015200","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:15,7015448","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,7016828","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:15,7018592","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,7020621","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976255, endtime: 976255, seqnum: 0, connid: 0"
"12:27:15,7024082","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,7027702","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:15,7031253","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:15,7036081","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,7038954","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,7041357","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976255, endtime: 976255, seqnum: 0, connid: 0"
"12:27:15,7045686","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,7049315","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:15,7052534","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:15,7079824","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 91.580, Length: 4.096"
"12:27:15,7085432","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:15,7092089","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.139.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7094906","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.139.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7096852","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.139.839, Length: 2.920"
"12:27:15,7099702","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.142.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7101913","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 91.144, Length: 4.096"
"12:27:15,7118731","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,7138725","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.142.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7142433","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.142.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7146091","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.142.759, Length: 2.920"
"12:27:15,7149319","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.145.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7161275","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 96.768, Length: 6.768"
"12:27:15,7167643","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 91.136, Length: 4.096"
"12:27:15,7172080","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:15,7180136","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 94.720, Length: 4.096"
"12:27:15,7209796","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,7226641","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 96.768, Length: 4.096"
"12:27:15,7247951","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 100.864, Length: 2.672"
"12:27:15,7253521","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:15,7301095","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,7307150","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 4.096, Length: 57.744"
"12:27:15,7310369","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 61.840, Length: 34.928"
"12:27:15,7336329","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,7339483","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,7341503","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976255, endtime: 976255, seqnum: 0, connid: 0"
"12:27:15,7356566","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,7359001","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,7361385","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976255, endtime: 976255, seqnum: 0, connid: 0"
"12:27:15,7400557","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.145.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7403389","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.145.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7405022","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.145.679, Length: 2.920"
"12:27:15,7416609","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.148.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7417878","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 101.354, Length: 2.182"
"12:27:15,7447972","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.148.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7450379","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.148.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7451989","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.148.599, Length: 2.920"
"12:27:15,7455152","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.151.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7494501","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 91.580, Length: 4.096"
"12:27:15,7496936","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,7504489","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:15,7508127","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 91.580, Length: 4.096"
"12:27:15,7541477","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 96.768, Length: 4.096"
"12:27:15,7614079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 96.256, Length: 4.096"
"12:27:15,7660108","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,7663360","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976255, endtime: 976255, seqnum: 0, connid: 0"
"12:27:15,7678209","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,7680243","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,7682225","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976255, endtime: 976255, seqnum: 0, connid: 0"
"12:27:15,7707118","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,7709086","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:15,7709842","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\L1C62x64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,7710369","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976255, endtime: 976255, seqnum: 0, connid: 0"
"12:27:15,7789292","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.151.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7792501","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.151.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7794465","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.151.519, Length: 4.380"
"12:27:15,7797703","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.155.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7843751","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.155.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7846606","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.158.208, EndOfFile: 408.155.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,7850954","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.155.899, Length: 2.920, Priority: Normal"
"12:27:15,7870607","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","END OF FILE","Offset: 408.158.208, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:15,7875417","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.158.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:15,8224620","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:15,8229019","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:15,8231464","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:15,8233843","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:15,8235811","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:15,8237449","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:15,8239459","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:15,8284080","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:15,8290490","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,8324591","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:15,8352665","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,8358683","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.700.114, Length: 16.200"
"12:27:15,8380375","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,8384825","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\nusb3xhc.sys","NO SUCH FILE","Filter: nusb3xhc.sys"
"12:27:15,8387998","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:15,8404871","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,8409251","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Filter: nusb3xhc.sys, 1: nusb3xhc.sys"
"12:27:15,8413235","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:15,8443394","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,8449016","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:15,8451036","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:15,8459395","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,8464200","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:15,8468627","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:15,8496697","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,8499953","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:15,8501590","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:15,8507972","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,8511592","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:15,8514825","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:15,8529636","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,8533606","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:15,8536834","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:15,8562902","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 208.044, Length: 4.096"
"12:27:15,8566140","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 204.800, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,8582192","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:15,8601081","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 206.856, Length: 4.096"
"12:27:15,8619074","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,8672059","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 206.848, Length: 4.096"
"12:27:15,8677302","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 144.384, Length: 4.096"
"12:27:15,8680125","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 143.360, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,8701196","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 210.944, Length: 2.560"
"12:27:15,8704816","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 212.992, Length: 512, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,8749087","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,8815643","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 208.044, Length: 4.096"
"12:27:15,8818493","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,8832404","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 157.696, Length: 4.096"
"12:27:15,8836803","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 155.648, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,8850649","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 208.044, Length: 4.096"
"12:27:15,8979384","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 212.992, Length: 512"
"12:27:15,9111427","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3xhc.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,9644128","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:15,9648163","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:15,9650930","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:15,9652987","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:15,9654955","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:15,9656915","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:15,9658930","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:15,9693852","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:15,9698653","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:15,9716827","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:15,9736845","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:15,9746683","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.234.662, Length: 16.200"
"12:27:15,9769547","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,9774016","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\USBD.SYS","NO SUCH FILE","Filter: USBD.SYS"
"12:27:15,9777164","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:15,9794047","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,9798474","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\USBD.SYS","SUCCESS","Filter: USBD.SYS, 1: usbd.sys"
"12:27:15,9802477","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:15,9831344","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,9836611","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:15,9838621","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:15,9845017","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,9848637","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:15,9852173","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:15,9878306","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,9881534","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:15,9883480","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:15,9889516","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,9893108","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:15,9896327","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:15,9912291","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:15,9919508","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:15,9925964","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:15,9959221","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 6.500, Length: 1.436"
"12:27:15,9966447","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:16,0006944","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,0059472","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 5.760, Length: 2.176"
"12:27:16,0069464","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 4.736, Length: 3.200"
"12:27:16,0081518","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,0120410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 4.096, Length: 3.840"
"12:27:16,0165778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,0173815","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 5.120, Length: 2.816"
"12:27:16,0179829","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,0185413","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 4.096, Length: 3.840"
"12:27:16,0205514","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,0210305","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 4.096, Length: 3.840"
"12:27:16,0374508","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbd.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,0908889","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:16,0912952","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:16,0915709","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:16,0917057","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,0917780","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:16,0919730","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:16,0922529","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:16,0924558","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:16,0925081","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:16,0928314","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:16,0946381","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:16,0959910","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:16,0964696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:16,0984410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:16,0985493","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,0992700","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:14, FileAttributes: ANCI"
"12:27:16,0994687","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:16,1001097","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1005585","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:16,1009923","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,1012120","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,1018176","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 892.842, Length: 16.200"
"12:27:16,1035707","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1040260","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,1045069","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\i8042prt.sys","NO SUCH FILE","Filter: i8042prt.sys"
"12:27:16,1045699","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:16,1048251","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:16,1050924","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,1064331","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,1068343","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Filter: i8042prt.sys, 1: i8042prt.sys"
"12:27:16,1068963","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1072705","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:16,1074170","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:16,1077398","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,1092237","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1097103","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:16,1099239","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,1100275","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,1105192","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:16,1107212","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:16,1113621","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,1117265","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:16,1121211","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:16,1131050","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1138229","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:14, FileAttributes: ANCI"
"12:27:16,1140277","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:16,1148110","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,1151347","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:16,1152985","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:16,1159362","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,1162973","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:16,1166583","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:16,1166746","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1171164","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:14, LastWriteTime: 06.10.2013 12:27:14, ChangeTime: 06.10.2013 12:27:14, FileAttributes: DNCI"
"12:27:16,1172806","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:16,1179878","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,1183825","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:16,1187053","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:16,1195250","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1199276","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:16,1201226","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:16,1212356","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 88.688, Length: 4.096"
"12:27:16,1217940","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:16,1224527","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1230121","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,1232546","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,1260588","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1265836","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,1268224","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:16,1272311","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,1295524","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1299951","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:16,1301579","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:16,1317617","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 90.624, Length: 4.096"
"12:27:16,1324391","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1329630","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:16,1332009","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:16,1339076","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:16,1343480","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:16,1346316","svchost.exe","948","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","REPARSE","Desired Access: Read"
"12:27:16,1349503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 46.080, Length: 4.096"
"12:27:16,1352866","svchost.exe","948","RegOpenKey","HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","NAME NOT FOUND","Desired Access: Read"
"12:27:16,1357270","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:27:16,1366511","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1366730","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 94.720, Length: 4.096"
"12:27:16,1370966","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:16,1372594","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,1394039","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,1396250","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1401853","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:16,1404619","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,1406849","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 88.576, Length: 4.096"
"12:27:16,1435950","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1441580","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:16,1444337","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:16,1452408","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1458426","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,1468404","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1474445","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,1476446","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:16,1479292","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,1483649","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 50.176, Length: 4.096"
"12:27:16,1487246","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 88.688, Length: 4.096"
"12:27:16,1498493","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1506121","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:16,1509755","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:16,1519635","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:16,1523190","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:14, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x6000000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:16,1526021","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:16,1539704","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1546100","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:16,1548535","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:16,1565366","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:16,1597601","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 97.280, Length: 4.096"
"12:27:16,1605462","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1610714","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:14, FileAttributes: ANCI"
"12:27:16,1612706","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:16,1619573","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1633764","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:16,1638984","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,1657458","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1663443","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:16,1667870","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,1684725","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1690318","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:16,1694311","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,1711129","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1716750","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:16,1721200","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,1735270","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\i8042prt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,1755073","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1760335","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:14, FileAttributes: ANCI"
"12:27:16,1762318","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:16,1784812","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1789202","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:14, LastWriteTime: 06.10.2013 12:27:14, ChangeTime: 06.10.2013 12:27:14, FileAttributes: DNCI"
"12:27:16,1790839","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:16,1812443","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1816478","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:16,1818102","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:16,1848625","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1853504","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,1855492","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,1877982","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1882357","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,1883985","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:16,1906018","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1910394","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:16,1912027","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:16,1934899","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1938939","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:16,1940889","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:16,1962614","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1966621","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:16,1968245","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,1990240","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,1994303","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:16,1996253","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,2017974","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2022363","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:16,2024341","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:16,2030005","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2033858","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:16,2034768","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,2038672","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:16,2041448","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:16,2041611","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2043902","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:16,2045889","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:16,2047237","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:16,2047876","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:16,2049257","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,2049910","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:16,2063327","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2069307","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:16,2071752","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:16,2080844","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:16,2086288","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:16,2087407","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:14, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x6000000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:16,2091004","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:16,2091503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:16,2109599","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:16,2110247","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:27:16,2135448","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,2141517","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 213.090, Length: 16.200"
"12:27:16,2150651","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2156240","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:14, FileAttributes: ANCI"
"12:27:16,2158231","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:16,2162318","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,2164678","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2166801","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\i8042prt.sys.mui","NO SUCH FILE","Filter: i8042prt.sys.mui"
"12:27:16,2169497","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:16,2169992","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:16,2173519","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,2186459","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,2188297","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2191218","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui","SUCCESS","Filter: i8042prt.sys.mui, 1: i8042prt.sys.mui"
"12:27:16,2192757","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:16,2195248","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:16,2196354","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,2209644","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2214384","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:16,2217253","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,2223775","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,2229741","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:16,2231757","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:16,2233277","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2237732","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:16,2238997","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,2240919","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,2243027","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:16,2246610","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:16,2266147","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2270588","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:14, FileAttributes: ANCI"
"12:27:16,2272225","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:16,2275104","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,2279083","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:16,2280716","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:16,2287135","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,2290764","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:16,2294342","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:16,2294673","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2299040","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:14, LastWriteTime: 06.10.2013 12:27:14, ChangeTime: 06.10.2013 12:27:14, FileAttributes: DNCI"
"12:27:16,2300668","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:16,2308025","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,2311976","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:16,2315213","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:16,2323177","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2327548","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:16,2329166","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:16,2350392","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2354390","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,2356023","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,2376889","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2380906","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,2382525","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:16,2403820","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2407804","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:16,2409423","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:16,2428018","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:16,2432776","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:16,2433826","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui","SUCCESS","Offset: 8.704, Length: 2.048"
"12:27:16,2435178","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:16,2437642","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:16,2439979","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:16,2442027","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:16,2443100","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2443664","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:16,2445866","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,2446085","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:16,2448852","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:16,2449132","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:16,2450452","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:16,2451147","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:16,2452080","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:16,2454482","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:16,2475186","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2479258","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:16,2481208","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,2502858","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2506889","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:16,2508508","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,2532560","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2537393","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:16,2539031","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:16,2545016","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2549448","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,2556231","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2561497","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:16,2563499","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,2577503","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2582737","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:14, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:16,2586362","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:16,2589119","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:16,2598300","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,2599984","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:16,2601155","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:16,2605204","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui","SUCCESS","Offset: 8.192, Length: 2.560"
"12:27:16,2605959","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:16,2716730","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,2800900","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:16,2840516","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2845349","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:14, LastWriteTime: 06.10.2013 12:27:14, ChangeTime: 06.10.2013 12:27:14, FileAttributes: DNCI"
"12:27:16,2847341","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:16,2853386","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2858177","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:16,2862213","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,2875862","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2880625","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:16,2883891","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,2897111","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2901524","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:16,2904715","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,2918407","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2923623","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:16,2926813","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,2950045","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2954085","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:14, LastWriteTime: 06.10.2013 12:27:14, ChangeTime: 06.10.2013 12:27:14, FileAttributes: DNCI"
"12:27:16,2956044","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:16,2977326","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,2981352","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:14, LastWriteTime: 06.10.2013 12:27:14, ChangeTime: 06.10.2013 12:27:14, FileAttributes: DNCI"
"12:27:16,2982975","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:16,3004257","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3008642","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:16,3010270","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:16,3045141","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3051952","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,3054793","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,3089239","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3095658","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,3098084","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:16,3136505","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3142136","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:16,3144151","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:16,3167789","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3172183","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:16,3173820","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:16,3195508","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3199543","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:16,3201475","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,3229203","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3234811","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:16,3237568","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,3262875","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3266934","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:16,3268879","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:16,3274556","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3279333","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,3286182","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3291808","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:16,3294163","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,3308210","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3313803","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:27:16,3316248","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:27:16,3326693","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:27:16,3333098","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:27:16,3337123","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:27:16,3339871","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:16,3349127","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3355177","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:16,3357990","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:16,3360229","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:16,3364264","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:16,3367017","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:16,3369074","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:16,3371033","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:16,3372671","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:16,3374014","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:16,3374700","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:16,3387995","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:16,3409188","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:16,3413970","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:16,3427965","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3432803","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:16,3434496","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 264, Length: 4.096"
"12:27:16,3435868","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:16,3446336","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3452382","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:16,3456813","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,3464319","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,3470337","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.576.482, Length: 16.200"
"12:27:16,3472394","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3476845","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:16,3480423","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,3491269","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,3494451","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3496041","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\SynTP.sys","NO SUCH FILE","Filter: SynTP.sys"
"12:27:16,3499223","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:16,3499274","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:16,3502484","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,3516050","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,3516553","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3519754","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Filter: SynTP.sys, 1: SynTP.sys"
"12:27:16,3522977","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:16,3524535","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:16,3530637","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,3536673","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:16,3541077","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:16,3543498","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:16,3547053","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:16,3549498","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:16,3551872","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:16,3553514","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:16,3554237","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,3556252","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3556308","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:16,3558744","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:16,3559845","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:16,3560656","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:16,3560680","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:16,3562210","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:16,3562728","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:16,3562741","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:16,3564729","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:16,3568661","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,3572295","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:16,3575864","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:16,3585978","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3590377","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:16,3592024","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:16,3603168","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,3606760","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:16,3608403","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:16,3614803","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,3615638","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3618409","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:16,3619687","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,3622052","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,3622416","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:16,3636836","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,3640470","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:16,3643684","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:16,3644510","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3648549","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,3650164","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:16,3670167","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 378.636, Length: 4.096"
"12:27:16,3673027","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3673778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 376.832, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:16,3677039","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:16,3678657","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:16,3690171","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 264, Length: 4.096"
"12:27:16,3699482","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3703499","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:16,3705122","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:16,3732636","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,3735440","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3742274","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:16,3744672","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,3756344","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 394.398, Length: 4.096"
"12:27:16,3761172","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 393.216, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:16,3769499","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3773907","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:16,3775941","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,3784012","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:27:16,3796029","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 394.398, Length: 4.096"
"12:27:16,3799975","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3804029","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:16,3805662","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:16,3811633","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3816070","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,3821742","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,3824495","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3832057","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:16,3834221","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 450.048, Length: 7.480"
"12:27:16,3834874","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,3838984","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 446.464, Length: 11.064, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:16,3851785","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,3855778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 439.296, Length: 4.096"
"12:27:16,3858936","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:27:16,3860149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 438.272, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:16,3862188","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:27:16,3869768","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:27:16,3873818","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:16,3874905","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 443.392, Length: 4.096"
"12:27:16,3878921","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 393.728, Length: 4.096"
"12:27:16,3893103","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:27:16,3913060","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 450.048, Length: 4.096"
"12:27:16,3925035","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,3930712","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 377.856, Length: 4.096"
"12:27:16,3943522","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 450.048, Length: 4.096"
"12:27:16,3968433","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 454.144, Length: 3.384"
"12:27:16,3974852","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 264, Length: 4.096"
"12:27:16,3982899","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:16,4006933","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4011766","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:14, LastWriteTime: 06.10.2013 12:27:14, ChangeTime: 06.10.2013 12:27:14, FileAttributes: DNCI"
"12:27:16,4013772","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:16,4020219","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4029400","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,4030240","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:16,4034671","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,4035409","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 4.096, Length: 57.784"
"12:27:16,4038655","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 61.880, Length: 61.440"
"12:27:16,4042201","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 123.320, Length: 61.440"
"12:27:16,4051895","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4057087","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:16,4061150","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,4067075","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 184.760, Length: 61.440"
"12:27:16,4072271","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 246.200, Length: 61.440"
"12:27:16,4076022","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4081601","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:16,4085576","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,4091925","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 307.640, Length: 61.440"
"12:27:16,4096357","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 369.080, Length: 61.440"
"12:27:16,4100327","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 430.520, Length: 19.528"
"12:27:16,4100490","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4105253","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:16,4108439","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,4141005","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:16,4165492","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4170260","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:14, LastWriteTime: 06.10.2013 12:27:14, ChangeTime: 06.10.2013 12:27:14, FileAttributes: DNCI"
"12:27:16,4172242","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:16,4192978","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,4193949","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4196570","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976262, endtime: 976262, seqnum: 0, connid: 0"
"12:27:16,4198334","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:16,4199971","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:16,4213789","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,4215869","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,4217474","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,4219004","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,4220651","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976262, endtime: 976262, seqnum: 0, connid: 0"
"12:27:16,4222391","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4231698","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,4234553","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,4272670","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4281846","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,4284319","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:16,4313932","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4319208","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:16,4324429","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:16,4353729","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4359318","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:16,4362532","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:16,4391418","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4396647","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:16,4404667","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,4439477","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4445037","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:16,4447048","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,4470308","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4474371","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:16,4476316","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:16,4481984","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4486425","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,4493241","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4498848","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:16,4500850","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,4515647","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:27:16,4535455","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,4538641","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976262, endtime: 976262, seqnum: 0, connid: 0"
"12:27:16,4555397","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 452.104, Length: 4.096"
"12:27:16,4556727","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,4559503","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,4561154","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,4563090","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,4565171","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976262, endtime: 976262, seqnum: 0, connid: 0"
"12:27:16,4599351","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:16,4602542","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:16,4612110","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,4614871","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,4616924","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:16,4628829","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:16,4631614","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:16,4631992","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 378.636, Length: 4.096"
"12:27:16,4632440","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:16,4634450","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:16,4635976","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,4635995","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:16,4637273","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:27:16,4640030","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:16,4644858","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 425.472, Length: 4.096"
"12:27:16,4645222","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:16,4649626","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 378.636, Length: 4.096"
"12:27:16,4661741","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:16,4682603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 450.048, Length: 4.096"
"12:27:16,4699476","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4705046","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:14, FileAttributes: ANCI"
"12:27:16,4706716","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:16,4713130","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4717898","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:16,4722320","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,4735970","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4740388","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:16,4743630","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,4753207","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 379.904, Length: 4.096"
"12:27:16,4756781","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4758003","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 384.000, Length: 4.096"
"12:27:16,4760877","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:16,4762407","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 388.096, Length: 4.096"
"12:27:16,4764063","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,4777288","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4781669","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:16,4784519","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,4807349","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4811762","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:14, FileAttributes: ANCI"
"12:27:16,4813395","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:16,4835083","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4839095","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: DNCI"
"12:27:16,4840718","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:16,4861533","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4864393","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,4865550","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:16,4867169","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:16,4867211","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,4869231","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976263, endtime: 976263, seqnum: 0, connid: 0"
"12:27:16,4881714","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,4883659","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,4884513","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,4885927","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\SynTP.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,4886482","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976263, endtime: 976263, seqnum: 0, connid: 0"
"12:27:16,4888385","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4892066","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,4894011","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,4914509","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4918512","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,4920532","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:16,4942956","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4946954","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:16,4948582","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:16,4969048","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4972719","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:16,4974650","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:16,4995144","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,4998796","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:16,5000728","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,5021240","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5025261","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:16,5026870","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,5063850","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5070591","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:16,5073413","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:16,5082290","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5089059","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,5099476","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5107579","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:16,5110719","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,5132794","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5143285","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:14, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:16,5148468","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:16,5152116","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:16,5162137","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:16,5166148","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:27:16,5170608","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:16,5174182","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:13, LastWriteTime: 06.10.2013 12:27:13, ChangeTime: 06.10.2013 12:27:14, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:16,5176020","taskmgr.exe","9948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:16,5182891","taskmgr.exe","9948","RegOpenKey","HKLM\SOFTWARE\Microsoft\CTF\KnownClasses","NAME NOT FOUND","Desired Access: Read"
"12:27:16,5215695","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:16,5231309","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,5239613","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,5241609","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,5243993","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,5245640","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,5248052","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976263, endtime: 976263, seqnum: 0, connid: 0"
"12:27:16,5269054","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5274652","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: ANCI"
"12:27:16,5276653","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:16,5283091","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5287896","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:16,5291926","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,5305944","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5310386","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:16,5313968","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,5327660","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5335502","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:16,5340307","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,5358332","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5363562","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:16,5366809","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,5392443","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5397616","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: ANCI"
"12:27:16,5399282","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:16,5427636","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5434139","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: DNCI"
"12:27:16,5436145","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:16,5462157","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5466239","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:16,5468179","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:16,5490310","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5494714","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,5496640","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,5517577","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5522760","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,5525181","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:16,5537492","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,5541088","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976263, endtime: 976263, seqnum: 0, connid: 0"
"12:27:16,5552028","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5556912","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:16,5557136","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,5558913","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:16,5559123","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,5559996","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,5561171","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,5562739","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976263, endtime: 976263, seqnum: 0, connid: 0"
"12:27:16,5585397","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5589800","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:16,5591736","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:16,5613051","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5617049","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:16,5618663","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,5645104","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5649550","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:16,5651168","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,5673225","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5677250","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:16,5678874","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:16,5684822","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5689239","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,5695705","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5701285","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:16,5703295","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,5718162","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5727362","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:16,5731029","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:16,5733795","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:16,5740643","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:16,5744580","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: ANCI"
"12:27:16,5756299","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:27:16,5847812","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:16,5865213","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,5868035","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,5870041","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976264, endtime: 976264, seqnum: 0, connid: 0"
"12:27:16,5874272","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5879455","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: DNCI"
"12:27:16,5881447","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:16,5883266","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,5884894","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,5886074","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,5887661","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976264, endtime: 976264, seqnum: 0, connid: 0"
"12:27:16,5891463","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5897541","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:16,5902351","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,5917143","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5922401","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:16,5926422","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,5940011","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5944438","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:16,5947307","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,5960878","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,5966555","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:16,5970903","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,6001799","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:16,6027144","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,6032723","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: DNCI"
"12:27:16,6034743","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:16,6058782","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,6062831","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:16,6064777","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:16,6089725","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,6094110","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,6095743","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:16,6117818","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,6123005","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:16,6125370","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:16,6148238","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,6152269","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:16,6153887","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:16,6160866","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:16,6164864","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:16,6168186","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:16,6171456","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:16,6174217","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:16,6174759","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,6176629","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:16,6181472","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:16,6182479","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:16,6184914","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:16,6187657","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,6190517","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,6192542","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976264, endtime: 976264, seqnum: 0, connid: 0"
"12:27:16,6214962","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,6219767","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:16,6222603","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:16,6226979","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:16,6227403","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,6230519","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,6232535","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976264, endtime: 976264, seqnum: 0, connid: 0"
"12:27:16,6232698","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:16,6240978","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,6242644","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976264, endtime: 976264, seqnum: 0, connid: 0"
"12:27:16,6255575","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,6260301","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:16,6262265","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:16,6265054","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:16,6283178","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,6289158","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.901.156, Length: 16.200"
"12:27:16,6293124","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,6297980","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:16,6299631","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:16,6307254","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,6307627","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,6312050","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\kbdclass.sys","NO SUCH FILE","Filter: kbdclass.sys"
"12:27:16,6312465","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,6315226","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:16,6319695","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,6326427","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:16,6328442","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:16,6331750","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,6336088","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: ANCI"
"12:27:16,6336107","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Filter: kbdclass.sys, 1: kbdclass.sys"
"12:27:16,6340166","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:16,6348124","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:16,6369392","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,6376622","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:16,6379445","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:16,6387893","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,6391910","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:16,6395903","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:16,6402453","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:16,6428007","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,6432033","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:16,6434016","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:16,6440836","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,6444480","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:16,6448062","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:16,6455036","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:16,6456651","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:27:16,6461689","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,6465304","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:16,6468514","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:16,6475805","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:16,6484174","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:16,6496158","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 36.044, Length: 4.096"
"12:27:16,6497875","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:27:16,6502657","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:16,6507849","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,6511049","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,6513792","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976264, endtime: 976264, seqnum: 0, connid: 0"
"12:27:16,6525455","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 32.264, Length: 4.096"
"12:27:16,6548322","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,6552348","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,6555138","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,6557158","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976264, endtime: 976264, seqnum: 0, connid: 0"
"12:27:16,6566819","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,6569609","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976264, endtime: 976264, seqnum: 0, connid: 0"
"12:27:16,6595304","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 43.520, Length: 7.248"
"12:27:16,6602138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 36.352, Length: 4.096"
"12:27:16,6606514","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 17.408, Length: 4.096"
"12:27:16,6634648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 43.520, Length: 4.096"
"12:27:16,6639826","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 38.912, Length: 4.096"
"12:27:16,6649110","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,6654652","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 34.304, Length: 4.096"
"12:27:16,6666314","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 43.520, Length: 4.096"
"12:27:16,6689182","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 47.616, Length: 3.152"
"12:27:16,6695568","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:16,6713953","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.158.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6717937","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.158.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6720755","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.158.819, Length: 1.460"
"12:27:16,6724370","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.160.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6749398","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,6749822","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.160.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6752663","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.160.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6754618","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.160.279, Length: 2.920"
"12:27:16,6755378","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 4.096, Length: 39.424"
"12:27:16,6757459","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.163.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6780616","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.163.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6783490","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.163.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6785878","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.163.199, Length: 2.920"
"12:27:16,6788719","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.166.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6811881","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.166.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6812329","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 44.907, Length: 4.096"
"12:27:16,6815156","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.166.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6817549","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.166.119, Length: 1.460"
"12:27:16,6821155","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.167.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6832393","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,6835239","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,6837968","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976265, endtime: 976265, seqnum: 0, connid: 0"
"12:27:16,6851734","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.167.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6854664","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.167.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6856660","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.167.579, Length: 2.920"
"12:27:16,6859907","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.170.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6875278","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,6877751","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,6880139","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976265, endtime: 976265, seqnum: 0, connid: 0"
"12:27:16,6888807","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.170.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6890528","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,6891596","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.170.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6892231","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 36.044, Length: 4.096"
"12:27:16,6892977","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976265, endtime: 976265, seqnum: 0, connid: 0"
"12:27:16,6893644","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.170.499, Length: 2.920"
"12:27:16,6896443","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.173.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6900418","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,6912057","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 19.968, Length: 4.096"
"12:27:16,6916046","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 36.044, Length: 4.096"
"12:27:16,6930381","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.173.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6933246","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.173.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6935578","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.173.419, Length: 2.920"
"12:27:16,6938391","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.176.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6957014","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 43.520, Length: 4.096"
"12:27:16,6962178","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.176.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6965803","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.176.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,6967846","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.176.339, Length: 4.380"
"12:27:16,6971051","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.180.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7001952","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.180.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7005525","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.180.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7007204","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.180.719, Length: 7.300"
"12:27:16,7010353","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.188.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7037233","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:16,7054200","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.188.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7058370","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.188.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7062014","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.188.019, Length: 1.460"
"12:27:16,7065582","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.189.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7088319","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.189.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7091142","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.189.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7093110","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.189.479, Length: 2.920"
"12:27:16,7095951","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.192.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7122850","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.192.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7126395","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.192.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7128807","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.192.399, Length: 2.920"
"12:27:16,7132455","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.195.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7143656","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,7146506","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976265, endtime: 976265, seqnum: 0, connid: 0"
"12:27:16,7155855","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.195.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7158668","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.195.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7159694","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,7160613","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.195.319, Length: 2.920"
"12:27:16,7162129","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,7164182","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976265, endtime: 976265, seqnum: 0, connid: 0"
"12:27:16,7166183","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.198.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7166943","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\kbdclass.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,7183761","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.198.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7187334","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.198.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7189326","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.198.239, Length: 4.380"
"12:27:16,7190156","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:16,7192148","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.202.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7192983","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976265, endtime: 976265, seqnum: 0, connid: 0"
"12:27:16,7211587","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.202.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7214470","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.202.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7216864","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.202.619, Length: 2.920"
"12:27:16,7224439","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.205.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7238201","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.205.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7240562","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.205.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7242176","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.205.539, Length: 2.920"
"12:27:16,7244989","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.208.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7269387","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.208.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7272209","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.208.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7274565","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.208.459, Length: 1.460"
"12:27:16,7277406","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.209.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7295473","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.209.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7297909","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.209.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7299924","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.209.919, Length: 2.920"
"12:27:16,7303101","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.212.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7326281","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.212.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7330214","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.212.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7332644","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.212.839, Length: 2.920"
"12:27:16,7336246","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.215.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7350478","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.215.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7352862","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.215.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7354467","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.215.759, Length: 1.460"
"12:27:16,7356911","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.217.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7487238","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:16,7490909","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:16,7493643","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:16,7495709","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:16,7497687","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:16,7499329","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:16,7501345","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:16,7540717","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:16,7545531","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:16,7560399","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:16,7579255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,7582861","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.217.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7586024","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.217.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7586919","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 461.922, Length: 16.200"
"12:27:16,7587661","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.217.219, Length: 2.920"
"12:27:16,7590936","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 475.136, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:16,7591304","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.220.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7616831","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.220.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7617447","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,7619210","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.220.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7622406","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.220.139, Length: 2.920"
"12:27:16,7623059","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\kbdclass.sys.mui","NO SUCH FILE","Filter: kbdclass.sys.mui"
"12:27:16,7625891","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:16,7628177","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.223.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7647653","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.223.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7650839","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.223.744, EndOfFile: 408.223.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7651711","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,7655695","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.223.059, Length: 1.460, Priority: Normal"
"12:27:16,7657258","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui","SUCCESS","Filter: kbdclass.sys.mui, 1: kbdclass.sys.mui"
"12:27:16,7662114","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:16,7676543","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.224.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7679352","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.224.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7681801","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.224.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7684152","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.224.519, Length: 1.460"
"12:27:16,7687002","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.225.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7694578","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,7700587","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:16,7701389","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.225.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7703418","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:16,7703815","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.225.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7705863","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.225.979, Length: 2.920"
"12:27:16,7708662","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.228.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7712417","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,7716830","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:16,7720819","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:16,7729771","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.228.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7732565","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.228.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7737790","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.228.899, Length: 1.460"
"12:27:16,7740603","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.230.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:16,7750078","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,7753679","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:16,7755326","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:16,7761726","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,7765346","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:16,7768593","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:16,7782593","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,7786245","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:16,7789786","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:16,7894903","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui","SUCCESS","Offset: 4.096, Length: 1.024"
"12:27:16,7902945","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,7992093","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui","SUCCESS","Offset: 4.096, Length: 1.024"
"12:27:16,8006531","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,8016510","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui","SUCCESS","Offset: 4.096, Length: 1.024"
"12:27:16,8182733","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,8682527","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:16,8686893","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:16,8689329","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:16,8691722","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:16,8693364","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:16,8695328","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:16,8697343","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:16,8730264","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:16,8735060","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:16,8768704","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:16,8795523","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,8801191","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.314.204, Length: 16.200"
"12:27:16,8824436","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,8829232","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\mouclass.sys","NO SUCH FILE","Filter: mouclass.sys"
"12:27:16,8832087","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:16,8848097","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,8851755","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Filter: mouclass.sys, 1: mouclass.sys"
"12:27:16,8855748","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:16,8881778","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,8887027","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:16,8889037","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:16,8895400","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,8899025","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:16,8902244","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:16,8929581","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,8932804","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:16,8934750","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:16,8940791","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,8944387","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:16,8947597","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:16,8960808","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:16,8964419","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:16,8967297","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:16,8992535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 34.516, Length: 4.096"
"12:27:16,8997788","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:16,9014204","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 30.728, Length: 4.096"
"12:27:16,9031824","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,9070781","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 41.984, Length: 7.232"
"12:27:16,9076416","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 34.816, Length: 4.096"
"12:27:16,9080433","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:16,9104854","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 41.984, Length: 4.096"
"12:27:16,9108525","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 37.376, Length: 4.096"
"12:27:16,9117678","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,9127596","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:16,9140798","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 41.984, Length: 4.096"
"12:27:16,9163321","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 46.080, Length: 3.136"
"12:27:16,9168961","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:16,9213091","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,9218298","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 4.096, Length: 37.888"
"12:27:16,9275336","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 43.356, Length: 4.096"
"12:27:16,9342671","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 34.516, Length: 4.096"
"12:27:16,9345512","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,9353517","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 18.944, Length: 4.096"
"12:27:16,9356713","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 34.516, Length: 4.096"
"12:27:16,9392050","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 41.984, Length: 4.096"
"12:27:16,9463835","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 39.424, Length: 4.096"
"12:27:16,9576560","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mouclass.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:16,9871939","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:16,9876767","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:16,9879524","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:16,9881926","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:16,9883582","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:16,9885546","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:16,9888000","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:16,9934142","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mouclass.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:16,9942940","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mouclass.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:16,9975399","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mouclass.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:16,9998701","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mouclass.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,0006277","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.231.422, Length: 16.200"
"12:27:17,0036767","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,0042015","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\mouclass.sys.mui","NO SUCH FILE","Filter: mouclass.sys.mui"
"12:27:17,0045201","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:17,0064472","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,0068438","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\mouclass.sys.mui","SUCCESS","Filter: mouclass.sys.mui, 1: mouclass.sys.mui"
"12:27:17,0072109","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:17,0099376","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,0107106","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:17,0110343","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,0118764","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,0125206","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,0129573","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,0159680","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,0163263","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:17,0164901","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:17,0170951","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,0174888","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,0178126","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,0191776","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,0195396","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:17,0198615","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,0306082","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mouclass.sys.mui","SUCCESS","Offset: 4.096, Length: 512"
"12:27:17,0313770","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mouclass.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,0397609","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mouclass.sys.mui","SUCCESS","Offset: 4.096, Length: 512"
"12:27:17,0410853","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mouclass.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,0420869","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mouclass.sys.mui","SUCCESS","Offset: 4.096, Length: 512"
"12:27:17,0573279","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\mouclass.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,1074459","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:17,1078513","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,1081251","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:17,1083304","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:17,1085258","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:17,1086896","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:17,1088906","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:17,1124603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:17,1129063","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:17,1145782","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 264, Length: 4.096"
"12:27:17,1173287","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,1179295","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.982.480, Length: 16.200"
"12:27:17,1182519","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.990.080, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:17,1212123","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,1216914","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\Smb_driver_Intel.sys","NO SUCH FILE","Filter: Smb_driver_Intel.sys"
"12:27:17,1219760","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:17,1260919","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,1266881","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Filter: Smb_driver_Intel.sys, 1: Smb_driver_Intel.sys"
"12:27:17,1271760","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:17,1301822","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,1307401","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:17,1309412","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,1315854","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,1319474","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,1323509","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,1366045","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,1370070","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:17,1372062","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:17,1378915","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,1382909","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,1386920","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,1400985","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,1404951","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:17,1408188","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,1438641","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 21.772, Length: 4.096"
"12:27:17,1444286","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 264, Length: 4.096"
"12:27:17,1475560","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,1515301","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 36.352, Length: 7.480"
"12:27:17,1522490","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 33.792, Length: 4.096"
"12:27:17,1525751","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:17,1535734","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 36.352, Length: 4.096"
"12:27:17,1539373","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 34.816, Length: 4.096"
"12:27:17,1547033","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,1551418","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 21.504, Length: 4.096"
"12:27:17,1559819","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 36.352, Length: 4.096"
"12:27:17,1581092","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 40.448, Length: 3.384"
"12:27:17,1586750","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 264, Length: 4.096"
"12:27:17,1632850","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,1638051","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 4.096, Length: 32.256"
"12:27:17,1685802","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 38.408, Length: 4.096"
"12:27:17,1727484","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9692, User Time: 0.0312002, Kernel Time: 0.0624004"
"12:27:17,1728450","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 10144, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:27:17,1729252","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9776, User Time: 0.0156001, Kernel Time: 0.0312002"
"12:27:17,1736511","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9592, User Time: 0.0000000, Kernel Time: 0.1248008"
"12:27:17,1737248","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 6480, User Time: 0.0000000, Kernel Time: 0.0312002"
"12:27:17,1738643","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9780, User Time: 0.0312002, Kernel Time: 0.0156001"
"12:27:17,1763391","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 21.772, Length: 4.096"
"12:27:17,1766595","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,1773840","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 31.744, Length: 4.096"
"12:27:17,1779079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 21.772, Length: 4.096"
"12:27:17,1817187","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 36.352, Length: 4.096"
"12:27:17,1886248","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 23.552, Length: 4.096"
"12:27:17,1891426","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 27.648, Length: 4.096"
"12:27:17,1926418","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 6264, User Time: 0.0468003, Kernel Time: 0.0312002"
"12:27:17,1927155","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9352, User Time: 0.0156001, Kernel Time: 0.0312002"
"12:27:17,1927981","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9836, User Time: 0.0000000, Kernel Time: 0.0468003"
"12:27:17,2002127","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Smb_driver_Intel.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,2024607","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9784, User Time: 0.0156001, Kernel Time: 0.0780005"
"12:27:17,2027196","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9996, User Time: 0.0156001, Kernel Time: 0.0936006"
"12:27:17,2030910","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9988, User Time: 0.0156001, Kernel Time: 0.1092007"
"12:27:17,2226438","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9356, User Time: 0.0156001, Kernel Time: 0.0624004"
"12:27:17,2326097","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9684, User Time: 0.0156001, Kernel Time: 0.0156001"
"12:27:17,2714757","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:17,2722752","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,2725542","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:17,2728378","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:17,2730361","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:17,2731998","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:17,2734023","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:17,2773316","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:17,2780561","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:17,2797262","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:17,2831470","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,2837866","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.017.420, Length: 16.200"
"12:27:17,2859171","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,2863626","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\SCSIPORT.SYS","NO SUCH FILE","Filter: SCSIPORT.SYS"
"12:27:17,2866789","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:17,2882445","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,2886419","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\SCSIPORT.SYS","SUCCESS","Filter: SCSIPORT.SYS, 1: scsiport.sys"
"12:27:17,2890081","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:17,2915729","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,2921379","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:17,2923763","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,2930196","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,2934170","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,2937398","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,2963107","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,2966331","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:17,2968285","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:17,2974308","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,2977909","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,2981123","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,2994325","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,2997950","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:17,3001146","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,3034346","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 155.248, Length: 4.096"
"12:27:17,3038363","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 151.552, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:17,3052031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:17,3068503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 155.144, Length: 4.096"
"12:27:17,3085297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,3127842","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 164.352, Length: 7.040"
"12:27:17,3132302","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 163.840, Length: 7.552, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:17,3151666","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 153.088, Length: 4.096"
"12:27:17,3168507","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 159.232, Length: 4.096"
"12:27:17,3171707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 159.744, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:17,3202972","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 157.184, Length: 4.096"
"12:27:17,3207007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 62.976, Length: 4.096"
"12:27:17,3243917","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 164.352, Length: 4.096"
"12:27:17,3248293","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 160.768, Length: 4.096"
"12:27:17,3257534","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,3268777","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 164.352, Length: 4.096"
"12:27:17,3290054","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 11.264, Length: 4.096"
"12:27:17,3305681","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 164.352, Length: 4.096"
"12:27:17,3311279","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 168.448, Length: 2.944"
"12:27:17,3316486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:17,3358662","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,3363859","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 4.096, Length: 57.760"
"12:27:17,3366709","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 61.856, Length: 61.440"
"12:27:17,3370231","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 123.296, Length: 41.056"
"12:27:17,3529984","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3533553","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:17,3537168","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:17,3538264","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 165.739, Length: 4.096"
"12:27:17,3540788","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:17,3543232","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:17,3544889","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:27:17,3545607","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3547636","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:17,3550020","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:17,3552087","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:27:17,3552441","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:17,3554461","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:17,3556878","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3559229","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:17,3561277","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:17,3563339","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:27:17,3563670","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:17,3565690","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:17,3566567","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:27:17,3567686","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3569669","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:17,3572939","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:27:17,3574996","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:17,3576513","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:17,3577749","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:17,3579349","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:17,3580212","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:17,3581700","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:17,3582591","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:17,3584989","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:17,3587027","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:17,3589435","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:17,3591403","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:17,3594226","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:17,3595868","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:17,3597846","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:17,3599847","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3601470","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:17,3603817","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:17,3606019","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 155.248, Length: 4.096"
"12:27:17,3606280","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:17,3608631","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:17,3608855","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,3610688","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:17,3612704","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:17,3615055","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:17,3616832","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 71.168, Length: 4.096"
"12:27:17,3617121","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:17,3620508","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 155.248, Length: 4.096"
"12:27:17,3621455","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:17,3626106","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:17,3629731","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:17,3630613","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,3632889","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3634918","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:17,3637274","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3637400","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:17,3642672","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:17,3644911","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3647738","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:17,3648661","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:17,3650607","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3653005","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:17,3653910","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:17,3655808","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3658187","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3659125","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:17,3660231","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:17,3662610","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3664336","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:17,3664634","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:17,3667046","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3669038","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:17,3669551","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:17,3671417","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3673386","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:17,3674762","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:17,3676647","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3678681","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:17,3679982","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:17,3681069","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3683084","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:17,3685193","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:17,3686238","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3690805","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:17,3691705","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3694938","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:17,3696030","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:17,3698512","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3700928","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:17,3701661","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:17,3704520","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3706549","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:17,3707641","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:17,3708975","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3710953","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:17,3712894","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:17,3718095","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:17,3724449","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:17,3729692","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:17,3730486","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3733690","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:17,3734917","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:17,3740151","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:17,3740926","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3743314","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:17,3745381","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:17,3746482","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3748539","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3750932","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:17,3752061","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:17,3756171","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:17,3757589","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3760449","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:17,3761387","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:17,3763271","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3765632","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:17,3766593","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:17,3767708","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3769667","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:17,3771808","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:17,3777005","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:17,3780644","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3781903","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:17,3783858","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:17,3787077","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3787109","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:17,3789446","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:27:17,3791849","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3792320","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:17,3797890","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:17,3803096","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:17,3807976","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:17,3813177","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:17,3813313","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3816891","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:17,3819195","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:17,3820543","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3822941","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:17,3824816","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:17,3825759","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3828119","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3830130","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:17,3832169","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,3833927","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:17,3834174","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:17,3836540","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3838522","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:17,3840342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:17,3840584","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:17,3842543","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:17,3845594","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:17,3850810","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:17,3856021","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 167.936, Length: 3.456"
"12:27:17,3874079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 155.248, Length: 4.096"
"12:27:17,3878903","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,3883651","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:17,3888060","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:17,3892151","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:17,3896546","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:17,3900954","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:17,3905348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:17,3909752","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:17,3914151","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:17,3918546","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:17,3924601","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:17,3929028","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:17,3933432","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:17,3937845","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:17,3942249","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:17,3946657","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:17,3951051","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:17,3955129","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:17,3959523","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:17,3963927","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:17,3968321","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:17,3972716","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:17,3976788","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:17,3981192","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:17,3985591","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:17,3989990","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:17,3994389","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:17,3998471","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:17,4002861","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:17,4007260","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:17,4011664","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:17,4016063","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:17,4020532","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:17,4025286","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:17,4029685","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:17,4033757","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:17,4038166","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:17,4042574","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:17,4046978","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:17,4051386","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:17,4055795","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:17,4060198","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 167.936, Length: 3.456"
"12:27:17,4081070","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 155.248, Length: 4.096"
"12:27:17,4087936","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 164.352, Length: 4.096"
"12:27:17,4127566","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9916, User Time: 0.0312002, Kernel Time: 0.0624004"
"12:27:17,4158476","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 162.816, Length: 4.096"
"12:27:17,4273244","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\scsiport.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,4422748","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,4425906","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,4427978","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976272, endtime: 976272, seqnum: 0, connid: 0"
"12:27:17,4445723","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,4448172","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,4449763","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,4450962","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,4452581","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976272, endtime: 976272, seqnum: 0, connid: 0"
"12:27:17,4493110","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.230.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,4495933","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.230.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,4497869","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.230.359, Length: 2.920"
"12:27:17,4500738","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.233.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,4550341","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.233.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,4553154","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.233.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,4555103","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.233.279, Length: 5.840"
"12:27:17,4558350","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.239.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,4589303","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:17,4594140","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,4596893","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:17,4598945","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:17,4600914","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:17,4602565","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:17,4605336","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:17,4629762","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:17,4632542","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:17,4634562","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:17,4637403","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:17,4640972","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:17,4645413","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\scsiport.sys.mui","SUCCESS","Offset: 0, Length: 3.072, I/O Flags: Synchronous"
"12:27:17,4650246","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\scsiport.sys.mui","SUCCESS","Offset: 0, Length: 3.072, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:17,4667213","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\scsiport.sys.mui","SUCCESS","Offset: 184, Length: 2.888"
"12:27:17,4685626","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\scsiport.sys.mui","SUCCESS","Offset: 0, Length: 3.072"
"12:27:17,4691233","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.322.628, Length: 16.200"
"12:27:17,4710938","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,4715360","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\SCSIPORT.SYS.mui","NO SUCH FILE","Filter: SCSIPORT.SYS.mui"
"12:27:17,4718509","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:17,4735378","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,4739035","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\SCSIPORT.SYS.mui","SUCCESS","Filter: SCSIPORT.SYS.mui, 1: scsiport.sys.mui"
"12:27:17,4743019","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:17,4769143","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,4774732","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:17,4776742","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,4783129","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,4786763","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,4789986","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,4816479","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,4820075","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:17,4822095","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:17,4828500","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,4832111","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,4835344","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,4848910","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,4852544","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:17,4855744","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,5685568","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:17,5689622","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,5692057","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:17,5694432","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:17,5696396","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:17,5698042","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:17,5700058","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:17,5736127","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:17,5740942","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:17,5775285","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:17,5801209","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,5807241","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.203.746, Length: 16.200"
"12:27:17,5830962","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,5835394","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\Accelerometer.sys","NO SUCH FILE","Filter: Accelerometer.sys"
"12:27:17,5838557","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:17,5854581","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,5858243","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Filter: Accelerometer.sys, 1: Accelerometer.sys"
"12:27:17,5862227","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:17,5888710","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,5893954","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:17,5895950","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,5902346","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,5905957","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,5909171","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,5936816","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,5940058","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:17,5941714","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:17,5948082","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,5951683","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,5954902","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,5967787","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,5971407","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:17,5974611","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,6000278","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 32.284, Length: 4.096"
"12:27:17,6005508","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:17,6021947","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 31.240, Length: 4.096"
"12:27:17,6038788","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,6078053","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 36.352, Length: 7.448"
"12:27:17,6084118","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 31.232, Length: 4.096"
"12:27:17,6088531","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 35.328, Length: 4.096"
"12:27:17,6091712","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 27.648, Length: 4.096"
"12:27:17,6116600","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 36.352, Length: 4.096"
"12:27:17,6126247","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,6141105","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 36.352, Length: 4.096"
"12:27:17,6161487","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 40.448, Length: 3.352"
"12:27:17,6166791","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:17,6208085","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,6213268","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 4.096, Length: 32.256"
"12:27:17,6262199","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 39.809, Length: 3.991"
"12:27:17,6328713","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 32.284, Length: 4.096"
"12:27:17,6332286","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,6340301","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 29.696, Length: 4.096"
"12:27:17,6376058","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 36.352, Length: 4.096"
"12:27:17,6433139","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9472, User Time: 0.0000000, Kernel Time: 0.0780005"
"12:27:17,6441737","firefox.exe","6744","Thread Exit","","SUCCESS","Thread ID: 9664, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:27:17,6526905","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\Accelerometer.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,6792125","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,6795283","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,6797312","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976275, endtime: 976275, seqnum: 0, connid: 0"
"12:27:17,6811368","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,6813313","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,6814554","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,6815753","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,6816998","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976275, endtime: 976275, seqnum: 0, connid: 0"
"12:27:17,6840888","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:17,6844158","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,6852201","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:17,6855858","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:17,6858237","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:17,6862818","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.239.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,6865566","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.239.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,6867184","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.239.119, Length: 2.920"
"12:27:17,6869116","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,6871103","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:17,6873865","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:17,6875246","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.242.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,6878469","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:17,6881609","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,6883671","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:17,6885686","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:17,6893812","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.242.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,6896625","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.242.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,6898594","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.242.039, Length: 2.920"
"12:27:17,6901785","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.244.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,6935681","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.244.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,6938503","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.244.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,6940476","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.244.959, Length: 2.920"
"12:27:17,6942930","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.247.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7077935","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:17,7082320","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,7084751","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:17,7087144","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:17,7088786","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:17,7090750","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:17,7092761","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:17,7117308","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7120475","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7122864","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976275, endtime: 976275, seqnum: 0, connid: 0"
"12:27:17,7128424","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:17,7137381","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7138398","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:17,7139327","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7140180","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7141342","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7142592","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976275, endtime: 976275, seqnum: 0, connid: 0"
"12:27:17,7157096","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:17,7181190","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,7186854","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 149.910, Length: 16.200"
"12:27:17,7190418","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 151.552, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:17,7201460","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.247.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7204277","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.247.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7206684","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.247.879, Length: 2.920"
"12:27:17,7209875","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.250.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7225988","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,7231190","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\CmBatt.sys","NO SUCH FILE","Filter: CmBatt.sys"
"12:27:17,7234376","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:17,7250470","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,7252318","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.250.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7254454","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Filter: CmBatt.sys, 1: CmBatt.sys"
"12:27:17,7255131","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.250.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7257080","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.250.799, Length: 5.840"
"12:27:17,7258447","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:17,7260677","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.256.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7284977","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,7294013","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:17,7296448","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,7305219","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,7310052","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,7314446","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,7344605","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,7348202","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:17,7349835","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:17,7356207","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,7359827","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,7363391","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,7376719","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,7380666","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:17,7383884","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,7409967","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 14.844, Length: 2.820"
"12:27:17,7415233","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:17,7432872","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 14.344, Length: 3.320"
"12:27:17,7435857","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7438694","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976275, endtime: 976275, seqnum: 0, connid: 0"
"12:27:17,7451532","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7452110","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,7453533","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7454723","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7455982","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976275, endtime: 976275, seqnum: 0, connid: 0"
"12:27:17,7465946","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7467229","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7468787","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976275, endtime: 976275, seqnum: 0, connid: 0"
"12:27:17,7494972","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.256.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7497785","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.256.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7499446","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.256.639, Length: 1.460"
"12:27:17,7501293","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 14.336, Length: 3.328"
"12:27:17,7502245","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.258.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7507661","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 4.736, Length: 4.096"
"12:27:17,7538576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 16.512, Length: 1.152"
"12:27:17,7541701","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.258.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7548228","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,7553308","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.258.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7556517","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.258.099, Length: 4.380"
"12:27:17,7560543","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.262.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7599491","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.262.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7601969","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.262.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7603905","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.262.479, Length: 2.920"
"12:27:17,7606773","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 14.844, Length: 2.820"
"12:27:17,7609367","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.265.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7610002","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,7617620","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 5.888, Length: 4.096"
"12:27:17,7621590","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 14.844, Length: 2.820"
"12:27:17,7766951","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7770100","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7771793","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976275, endtime: 976276, seqnum: 0, connid: 0"
"12:27:17,7786171","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7787794","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7788648","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7789814","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,7791372","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976276, endtime: 976276, seqnum: 0, connid: 0"
"12:27:17,7814804","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CmBatt.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,7864006","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.265.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7867183","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.265.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7870920","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.265.399, Length: 2.920"
"12:27:17,7875282","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.268.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7899162","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.268.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7901951","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.268.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7903579","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.268.319, Length: 4.380"
"12:27:17,7906434","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.272.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7966981","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.272.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7969804","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.272.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,7971777","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.272.699, Length: 1.460"
"12:27:17,7974651","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.274.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,8136354","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8139577","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976276, endtime: 976276, seqnum: 0, connid: 0"
"12:27:17,8157626","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8159609","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8160798","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8161652","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8162823","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8164078","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976276, endtime: 976276, seqnum: 0, connid: 0"
"12:27:17,8202569","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.274.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,8205391","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.274.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,8207350","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.274.159, Length: 1.460"
"12:27:17,8210182","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.275.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,8280964","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.275.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,8283786","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.275.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,8285433","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.275.619, Length: 7.300"
"12:27:17,8288652","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.282.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,8381140","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:17,8385502","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,8388702","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:17,8391095","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:17,8392751","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:17,8394725","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:17,8396740","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:17,8453135","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:17,8458332","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:17,8485617","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8488407","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8489634","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8490810","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8490940","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:17,8491677","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8493623","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976276, endtime: 976276, seqnum: 0, connid: 0"
"12:27:17,8508308","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8509773","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,8510696","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8512367","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976276, endtime: 976276, seqnum: 0, connid: 0"
"12:27:17,8515422","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.241.654, Length: 16.200"
"12:27:17,8539867","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,8547625","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\wmiacpi.sys","NO SUCH FILE","Filter: wmiacpi.sys"
"12:27:17,8551249","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:17,8563462","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.282.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,8566275","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.289.280, EndOfFile: 408.282.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,8570320","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.282.919, Length: 7.300, Priority: Normal"
"12:27:17,8570520","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,8574537","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Filter: wmiacpi.sys, 1: wmiacpi.sys"
"12:27:17,8578554","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:17,8588779","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.290.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,8605363","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.290.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,8605778","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,8608195","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.290.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,8610210","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.290.219, Length: 2.920"
"12:27:17,8611428","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:17,8613471","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,8615729","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.293.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,8619885","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,8624275","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,8627508","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,8653973","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,8657210","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:17,8659151","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:17,8665192","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,8668789","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,8672376","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,8685289","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,8688895","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:17,8692104","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,8718191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 11.572, Length: 2.764"
"12:27:17,8724965","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:17,8741810","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 11.272, Length: 3.064"
"12:27:17,8758683","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,8799231","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 11.264, Length: 3.072"
"12:27:17,8802847","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 3.072, Length: 4.096"
"12:27:17,8816431","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 12.800, Length: 1.536"
"12:27:17,8824884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,8835572","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8838809","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976277, endtime: 976277, seqnum: 0, connid: 0"
"12:27:17,8861971","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8864742","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8866351","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8867606","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8869146","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8872341","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:17,8874347","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976277, endtime: 976277, seqnum: 0, connid: 0"
"12:27:17,8889504","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 11.572, Length: 2.764"
"12:27:17,8892265","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,8899505","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:17,8902659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 11.572, Length: 2.764"
"12:27:17,9014992","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.293.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,9017843","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.293.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,9027448","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.293.139, Length: 1.460"
"12:27:17,9042156","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.294.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,9085256","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.294.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,9088382","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.294.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,9089068","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\wmiacpi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,9090061","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.294.599, Length: 5.840"
"12:27:17,9093262","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.300.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,9139828","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.300.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,9142631","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.300.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,9144577","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.300.439, Length: 2.920"
"12:27:17,9147441","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.303.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:17,9426081","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9612, User Time: 0.0156001, Kernel Time: 0.0312002"
"12:27:17,9580176","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:17,9584192","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:17,9586944","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:17,9589338","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:17,9590994","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:17,9592962","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:17,9594982","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:17,9633109","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:17,9638745","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:17,9657866","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:17,9684368","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,9690363","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.616.684, Length: 16.200"
"12:27:17,9710828","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,9715293","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\intelppm.sys","NO SUCH FILE","Filter: intelppm.sys"
"12:27:17,9718469","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:17,9726069","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9464, User Time: 0.0156001, Kernel Time: 0.0780005"
"12:27:17,9741043","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,9745932","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Filter: intelppm.sys, 1: intelppm.sys"
"12:27:17,9750686","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:17,9779198","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,9784810","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:17,9786826","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,9793240","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,9798647","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,9803456","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,9833965","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,9837586","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:17,9839559","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:17,9846374","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,9850013","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:17,9855588","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:17,9869629","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:17,9873287","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:17,9876842","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:17,9904934","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:17,9911376","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:17,9950301","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:17,9964763","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 60.538, Length: 1.926"
"12:27:17,9974737","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:27:17,9983176","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 60.538, Length: 1.926"
"12:27:18,0000819","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,0005642","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 45.568, Length: 4.096"
"12:27:18,0009649","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:18,0028510","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 48.128, Length: 4.096"
"12:27:18,0037779","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,0099964","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 15.360, Length: 4.096"
"12:27:18,0103565","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 2.004, Length: 4.096"
"12:27:18,0212712","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 6.100, Length: 4.096"
"12:27:18,0218347","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 10.196, Length: 4.096"
"12:27:18,0349485","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\intelppm.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,0646464","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:18,0650518","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:18,0653275","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:18,0655341","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:18,0657301","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:18,0658933","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:18,0660949","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:18,0693823","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:18,0698604","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:18,0737105","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:18,0763051","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,0769438","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 406.032, Length: 16.200"
"12:27:18,0792693","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,0797516","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\intelppm.sys.mui","NO SUCH FILE","Filter: intelppm.sys.mui"
"12:27:18,0800362","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:18,0816372","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,0821177","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Filter: intelppm.sys.mui, 1: intelppm.sys.mui"
"12:27:18,0825208","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:18,0859398","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,0865761","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:18,0867790","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:18,0874969","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,0878636","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:18,0882578","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:18,0910288","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,0913558","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:18,0915508","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:18,0926611","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,0932592","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:18,0937051","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:18,0953873","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,0958314","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:18,0961566","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:18,1078727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 18.944, Length: 2.048"
"12:27:18,1088752","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,1184058","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:18,1190487","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:18,1196463","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:18,1201706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:18,1206926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 20.480, Length: 512"
"12:27:18,1220916","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,1234963","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:18,1240617","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:18,1246196","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:18,1251799","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:18,1257075","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 20.480, Length: 512"
"12:27:18,1345276","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 2.560, Length: 4.096"
"12:27:18,1351728","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 6.656, Length: 4.096"
"12:27:18,1357694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 10.752, Length: 4.096"
"12:27:18,1363334","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 14.848, Length: 4.096"
"12:27:18,1624131","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\intelppm.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,1732560","hpqWmiEx.exe","3424","Thread Exit","","SUCCESS","Thread ID: 10152, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:27:18,2085028","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:18,2089409","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:18,2091849","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:18,2094232","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:18,2096192","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:18,2097829","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:18,2099844","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:18,2134370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:18,2139156","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:18,2176467","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 280, Length: 4.096"
"12:27:18,2208329","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,2214375","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.640.822, Length: 16.200"
"12:27:18,2238395","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,2242892","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\AMPPAL.sys","NO SUCH FILE","Filter: AMPPAL.sys"
"12:27:18,2246059","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:18,2262116","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,2266110","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\AMPPAL.sys","SUCCESS","Filter: AMPPAL.sys, 1: AmpPal.sys"
"12:27:18,2270140","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:18,2296208","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,2301783","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:18,2303812","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:18,2309895","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,2313833","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:18,2317061","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:18,2344719","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,2347962","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:18,2349585","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:18,2355631","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,2359232","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:18,2362782","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:18,2375686","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,2379296","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:18,2382501","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:18,2407711","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 112.372, Length: 4.096"
"12:27:18,2412954","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 280, Length: 4.096"
"12:27:18,2448278","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,2490421","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 155.648, Length: 8.160"
"12:27:18,2494018","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 155.648, Length: 8.160, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:18,2510649","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 149.504, Length: 4.096"
"12:27:18,2514269","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 147.456, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:18,2526640","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9460, User Time: 0.0000000, Kernel Time: 0.0312002"
"12:27:18,2532224","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 120.320, Length: 4.096"
"12:27:18,2555913","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:18,2560303","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:18,2569521","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,2573948","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 111.616, Length: 4.096"
"12:27:18,2583941","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:18,2606039","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 159.744, Length: 4.064"
"12:27:18,2612406","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 280, Length: 4.096"
"12:27:18,2657802","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,2663022","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 4.096, Length: 57.800"
"12:27:18,2666199","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 61.896, Length: 61.440"
"12:27:18,2669408","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 123.336, Length: 32.312"
"12:27:18,2826143","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9440, User Time: 0.0156001, Kernel Time: 0.0312002"
"12:27:18,2827449","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 160.109, Length: 3.699"
"12:27:18,2892418","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 112.372, Length: 4.096"
"12:27:18,2895236","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,2902868","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 138.752, Length: 4.096"
"12:27:18,2906096","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 112.372, Length: 4.096"
"12:27:18,2947377","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:18,3018761","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 113.664, Length: 4.096"
"12:27:18,3024401","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 117.760, Length: 4.096"
"12:27:18,3156611","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AmpPal.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,3426132","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 6424, User Time: 0.0156001, Kernel Time: 0.0000000"
"12:27:18,4070457","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:18,4074814","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:18,4077254","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:18,4079637","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:18,4081289","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:18,4083257","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:18,4085263","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:18,4119388","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:18,4125807","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:18,4144476","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:18,4167834","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,4173861","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.567.598, Length: 16.200"
"12:27:18,4179977","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:18,4183597","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:18,4185650","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:18,4188430","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:18,4190459","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:18,4192451","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:18,4194075","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:18,4195096","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,4196818","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:18,4199234","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:18,4199892","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\CompositeBus.sys","NO SUCH FILE","Filter: CompositeBus.sys"
"12:27:18,4200820","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:18,4202439","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:18,4202761","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:18,4204067","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:18,4218813","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,4223557","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Filter: CompositeBus.sys, 1: CompositeBus.sys"
"12:27:18,4227569","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:18,4253721","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,4259301","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:18,4261311","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:18,4267740","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,4271369","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:18,4274924","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:18,4301836","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,4305074","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:18,4307028","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:18,4313069","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,4316661","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:18,4320249","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:18,4333563","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,4337505","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:18,4340723","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:18,4367235","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 5.816, Length: 4.096"
"12:27:18,4372823","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:18,4403318","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,4445877","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 34.816, Length: 4.096"
"12:27:18,4449889","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:18,4460679","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 36.864, Length: 2.048"
"12:27:18,4468731","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,4473130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 5.120, Length: 4.096"
"12:27:18,4527739","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,4534937","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 10.240, Length: 4.096"
"12:27:18,4538156","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 5.816, Length: 4.096"
"12:27:18,4543324","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,4548582","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:18,4553788","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:18,4559358","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:18,4564247","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:18,4569448","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:18,4574655","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:18,4579861","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:18,4585062","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:18,4590264","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 36.864, Length: 2.048"
"12:27:18,4605168","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 5.816, Length: 4.096"
"12:27:18,4609936","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,4614377","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:18,4618790","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:18,4623940","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:18,4628101","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:18,4628815","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:18,4631264","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:18,4633308","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:18,4633606","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:18,4636508","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:18,4638024","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:18,4640114","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:18,4642446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:18,4646859","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:18,4651272","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 36.864, Length: 2.048"
"12:27:18,4667297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 5.816, Length: 4.096"
"12:27:18,4845043","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\CompositeBus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,4926405","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9928, User Time: 0.0000000, Kernel Time: 0.0156001"
"12:27:18,4936430","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,4939663","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976283, endtime: 976283, seqnum: 0, connid: 0"
"12:27:18,4958864","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,4960865","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,4961737","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,4962904","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,4963748","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,4965754","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,4967280","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976283, endtime: 976283, seqnum: 0, connid: 0"
"12:27:18,5033229","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.303.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5036391","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.303.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5038034","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.303.359, Length: 1.460"
"12:27:18,5040814","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.304.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5081460","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.304.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5084268","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.304.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5085906","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.304.819, Length: 8.760"
"12:27:18,5089129","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.313.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5267127","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,5269996","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,5272333","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976283, endtime: 976283, seqnum: 0, connid: 0"
"12:27:18,5288385","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,5290004","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,5290863","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,5292029","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,5292873","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,5294436","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976283, endtime: 976283, seqnum: 0, connid: 0"
"12:27:18,5353126","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.313.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5355939","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.313.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5357572","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.313.579, Length: 2.920"
"12:27:18,5360791","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.316.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5400994","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.316.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5403485","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.316.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5404063","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:18,5405435","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.316.499, Length: 7.300"
"12:27:18,5408696","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.323.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5408920","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:18,5411686","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:18,5413739","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:18,5415707","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:18,5428433","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:18,5431657","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:18,5468916","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:18,5473395","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:18,5491728","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:18,5517092","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,5524290","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.322.006, Length: 16.200"
"12:27:18,5546761","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,5554346","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\AgileVpn.sys","NO SUCH FILE","Filter: AgileVpn.sys"
"12:27:18,5558923","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:18,5580937","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,5585023","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\AgileVpn.sys","SUCCESS","Filter: AgileVpn.sys, 1: agilevpn.sys"
"12:27:18,5589390","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:18,5589409","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,5592235","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,5594255","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976283, endtime: 976283, seqnum: 0, connid: 0"
"12:27:18,5606263","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,5607910","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,5609482","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976283, endtime: 976283, seqnum: 0, connid: 0"
"12:27:18,5615840","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,5624303","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:18,5626304","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9980, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:27:18,5626346","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:18,5633087","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,5636726","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:18,5639954","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:18,5666031","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,5669278","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:18,5669926","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.323.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5671256","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:18,5674013","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.323.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5676849","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.323.799, Length: 2.920"
"12:27:18,5680054","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.326.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5685624","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,5690882","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:18,5695299","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:18,5707554","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.326.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5710022","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.326.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5711673","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,5711986","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.326.719, Length: 2.920"
"12:27:18,5714762","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.329.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,5715718","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:18,5718974","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:18,5747421","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 54.884, Length: 4.096"
"12:27:18,5753029","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:18,5769459","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 26.116, Length: 4.096"
"12:27:18,5786327","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,5827272","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 54.784, Length: 4.096"
"12:27:18,5832086","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 19.456, Length: 4.096"
"12:27:18,5840143","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 58.368, Length: 2.048"
"12:27:18,5873381","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,5935565","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 54.884, Length: 4.096"
"12:27:18,5938005","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,5945213","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 22.528, Length: 4.096"
"12:27:18,5948432","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 54.884, Length: 4.096"
"12:27:18,6042697","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 59.904, Length: 512"
"12:27:18,6118951","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\agilevpn.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,6250509","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6254563","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6255790","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6256965","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6258131","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6260935","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6261798","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6263422","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 10220, startime: 976284, endtime: 976284, seqnum: 0, connid: 0"
"12:27:18,6264159","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6364400","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.329.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,6367255","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.329.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,6370017","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.329.639, Length: 10.220"
"12:27:18,6373646","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.339.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,6558655","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6561501","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6562742","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6564300","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6565149","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6567094","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976284, endtime: 976284, seqnum: 0, connid: 0"
"12:27:18,6577558","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6579186","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6580744","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976284, endtime: 976284, seqnum: 0, connid: 0"
"12:27:18,6645695","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.339.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,6648503","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.339.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,6650453","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.339.859, Length: 2.920"
"12:27:18,6653686","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.342.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,6702813","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:18,6707189","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:18,6709633","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:18,6712414","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:18,6714816","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:18,6716836","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.342.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,6717242","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:18,6720820","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:18,6720843","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.342.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,6723232","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.342.779, Length: 4.380"
"12:27:18,6727239","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.347.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,6757884","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.347.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,6758989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:18,6760706","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.347.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,6762334","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.347.159, Length: 2.920"
"12:27:18,6764988","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:18,6765119","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.350.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,6780672","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:18,6813971","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,6821593","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.519.484, Length: 16.200"
"12:27:18,6842861","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,6847638","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\rasl2tp.sys","NO SUCH FILE","Filter: rasl2tp.sys"
"12:27:18,6850502","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:18,6867301","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,6870972","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Filter: rasl2tp.sys, 1: rasl2tp.sys"
"12:27:18,6874989","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:18,6901808","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,6907075","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:18,6909412","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:18,6915836","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,6919866","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:18,6923104","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:18,6950763","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,6953995","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:18,6955633","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:18,6956081","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6958898","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6960447","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6961315","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6961982","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,6962481","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,6964119","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976285, endtime: 976285, seqnum: 0, connid: 0"
"12:27:18,6965607","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:18,6968839","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:18,6974741","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,6984369","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:18,6988792","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:18,6989440","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,6995449","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:18,6999913","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:18,7012980","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:18,7028351","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 124.508, Length: 4.096"
"12:27:18,7033982","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:18,7054708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 123.920, Length: 4.096"
"12:27:18,7058893","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7066039","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: ANCI"
"12:27:18,7068055","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:18,7072780","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,7075696","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7080506","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:18,7084163","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:18,7100565","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7105403","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:18,7109009","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:18,7115283","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 123.904, Length: 4.096"
"12:27:18,7121296","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 25.600, Length: 4.096"
"12:27:18,7124683","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7127482","ALMon.exe","1560","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:18,7130631","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:18,7131849","ALMon.exe","1560","RegOpenKey","HKLM\Software\Wow6432Node\Sophos\SAVService\PP","SUCCESS","Desired Access: Read"
"12:27:18,7134676","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:18,7135865","ALMon.exe","1560","RegSetInfoKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:18,7139504","ALMon.exe","1560","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:18,7141804","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 127.488, Length: 2.048"
"12:27:18,7142340","ALMon.exe","1560","RegCreateKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP\Message","ACCESS DENIED","Desired Access: Query Value, Notify"
"12:27:18,7152342","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7158313","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:18,7162190","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,7162367","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:18,7167209","ALMon.exe","1560","RegQueryKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:18,7170013","ALMon.exe","1560","RegCreateKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP\Message","ACCESS DENIED","Desired Access: Query Value, Notify"
"12:27:18,7190432","ALMon.exe","1560","RegCloseKey","HKLM\SOFTWARE\Wow6432Node\Sophos\SAVService\PP","SUCCESS",""
"12:27:18,7204716","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7210743","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: ANCI"
"12:27:18,7212763","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:18,7238551","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 124.508, Length: 4.096"
"12:27:18,7240007","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7241420","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,7244443","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: DNCI"
"12:27:18,7246402","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:18,7250489","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 37.888, Length: 4.096"
"12:27:18,7254893","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 124.508, Length: 4.096"
"12:27:18,7261689","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,7268972","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:18,7269326","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7273749","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:18,7275722","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:18,7276188","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:18,7278204","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,7281362","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,7283788","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:18,7284567","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976285, endtime: 976285, seqnum: 0, connid: 0"
"12:27:18,7291088","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:18,7297951","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:18,7298193","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7305405","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:18,7305424","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:18,7307057","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:18,7312631","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:18,7315150","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,7317954","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,7319195","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,7319535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:18,7321168","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976285, endtime: 976285, seqnum: 0, connid: 0"
"12:27:18,7326706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:18,7332723","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7333908","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:18,7339520","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:18,7340780","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:18,7341988","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:18,7347964","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:18,7354836","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:18,7362029","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:18,7369194","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:18,7375627","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7376071","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:18,7381286","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:18,7383264","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:18,7384043","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:18,7390108","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:18,7397296","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:18,7404182","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:18,7411375","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:18,7417827","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:18,7425384","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:18,7428501","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7431855","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:18,7434476","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:18,7436496","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:18,7437443","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:18,7442668","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:18,7447884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:18,7453104","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:18,7458310","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:18,7461375","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7463525","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:18,7465760","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:18,7467393","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:18,7469954","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 126.976, Length: 2.560"
"12:27:18,7487956","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 124.508, Length: 4.096"
"12:27:18,7489444","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7492831","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,7494258","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:18,7495896","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:18,7497645","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:18,7502403","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:18,7506826","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:18,7511290","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:18,7515708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:18,7517560","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7520896","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:18,7523163","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:18,7524800","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:18,7528812","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:18,7530799","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7534410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:18,7535553","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:18,7538888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:18,7542051","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7543647","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:18,7547645","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:18,7548088","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:18,7549669","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:18,7552515","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:18,7556928","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:18,7561341","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:18,7564037","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7565768","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:18,7570102","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:18,7570956","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:18,7572906","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:18,7575742","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:18,7580174","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:18,7580580","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:18,7582912","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7700000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:18,7585324","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:18,7585375","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:18,7586588","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,7589028","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976285, endtime: 976285, seqnum: 0, connid: 0"
"12:27:18,7589816","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:18,7594589","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:18,7595410","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7599020","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:18,7600560","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:18,7601838","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,7602967","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:18,7603457","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:18,7603905","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,7606237","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976285, endtime: 976285, seqnum: 0, connid: 0"
"12:27:18,7607888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:18,7612292","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:18,7617050","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:18,7617064","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:18,7621874","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:18,7623148","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,7625527","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976285, endtime: 976285, seqnum: 0, connid: 0"
"12:27:18,7626301","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:18,7630714","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:18,7635127","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:18,7637171","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,7639209","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,7641215","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976285, endtime: 976285, seqnum: 0, connid: 0"
"12:27:18,7641532","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 126.976, Length: 2.560"
"12:27:18,7661993","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 124.508, Length: 4.096"
"12:27:18,7677490","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7683107","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: ANCI"
"12:27:18,7685103","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:18,7691863","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7696332","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:18,7700353","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:18,7714712","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7719153","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:18,7723958","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:18,7734221","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 129.024, Length: 512"
"12:27:18,7738858","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7743663","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:18,7746863","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:18,7760849","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7765300","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:18,7769335","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:18,7794181","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7798640","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: ANCI"
"12:27:18,7800590","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:18,7814086","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rasl2tp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,7825865","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7830306","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: DNCI"
"12:27:18,7831939","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:18,7853613","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7857974","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:18,7859593","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:18,7881621","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7885633","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:18,7887289","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:18,7909121","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,7911939","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,7913954","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976286, endtime: 976286, seqnum: 0, connid: 0"
"12:27:18,7915275","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7922515","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:18,7924954","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:18,7934014","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:18,7936048","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976286, endtime: 976286, seqnum: 0, connid: 0"
"12:27:18,7951811","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7955874","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:18,7957815","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:18,7979110","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,7983500","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:18,7985138","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:18,8007991","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8012013","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:18,8013972","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:18,8058056","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8063640","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:18,8065651","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:18,8090576","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8095334","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:18,8096967","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:18,8102994","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8107449","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:18,8114610","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8120628","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:18,8123016","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:18,8137916","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8143953","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:18,8146729","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:18,8155797","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:18,8159007","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7700000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:18,8161838","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:18,8181898","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:27:18,8223598","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8228856","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: ANCI"
"12:27:18,8230857","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:18,8237295","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8242440","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:18,8246466","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:18,8260499","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8264940","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:18,8268513","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:18,8281776","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8286170","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:18,8289403","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:18,8302647","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8307055","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:18,8307316","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:18,8310241","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:18,8311361","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:18,8314118","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:18,8316175","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:18,8318139","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:18,8320514","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:18,8322991","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:18,8333916","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8338353","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: ANCI"
"12:27:18,8339985","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:18,8356653","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:18,8361463","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:18,8361636","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8365652","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: DNCI"
"12:27:18,8367280","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:18,8378948","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:18,8388478","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8392149","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:18,8394104","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:18,8402944","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,8408953","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 635.586, Length: 16.200"
"12:27:18,8415353","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8419384","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:18,8421772","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:18,8431811","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,8436598","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\ndistapi.sys","NO SUCH FILE","Filter: ndistapi.sys"
"12:27:18,8439457","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:18,8443446","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8447472","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:18,8449090","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:18,8455859","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,8459853","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Filter: ndistapi.sys, 1: ndistapi.sys"
"12:27:18,8463524","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:18,8470769","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8474767","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:18,8476395","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:18,8490404","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,8495969","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:18,8498008","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:18,8498073","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8502076","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:18,8504053","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:18,8504445","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,8508392","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:18,8511629","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:18,8526114","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8530140","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:18,8531764","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:18,8539321","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,8542549","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:18,8544536","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:18,8550941","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,8553395","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8554566","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:18,8557426","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:18,8558858","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:18,8559413","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:18,8582188","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,8586969","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:18,8590533","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8590995","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:18,8595772","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:18,8597750","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:18,8604141","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8608582","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:18,8615402","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8618509","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 20.292, Length: 3.772"
"12:27:18,8621803","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:18,8623818","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:18,8630456","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:18,8644321","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8647330","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 19.464, Length: 4.096"
"12:27:18,8650283","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:18,8653917","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:18,8656356","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:18,8663839","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,8665747","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:18,8668588","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:18,8673024","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:18,8704709","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 18.944, Length: 4.096"
"12:27:18,8711539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 9.216, Length: 4.096"
"12:27:18,8731197","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 22.016, Length: 2.048"
"12:27:18,8739608","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,8763670","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:18,8815055","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 20.292, Length: 3.772"
"12:27:18,8817476","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,8825477","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 11.264, Length: 4.096"
"12:27:18,8828700","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 20.292, Length: 3.772"
"12:27:18,8877860","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:18,8916612","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8922975","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: DNCI"
"12:27:18,8924990","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:18,8934255","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8939816","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:18,8943856","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:18,8965329","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8970913","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:18,8974584","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:18,8988598","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,8993379","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:18,8996598","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:18,8999630","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndistapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,9010271","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9014712","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:18,9017903","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:18,9050819","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9055652","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: DNCI"
"12:27:18,9057649","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:18,9079309","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9083708","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: DNCI"
"12:27:18,9085345","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:18,9106566","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9110601","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:18,9112229","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:18,9134673","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9138703","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:18,9140644","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:18,9161548","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9165569","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:18,9167556","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:18,9189981","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9194002","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:18,9195621","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:18,9216931","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9222543","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:18,9224497","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:18,9246185","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9250201","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:18,9251825","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:18,9273895","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9277926","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:18,9279880","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:18,9301185","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9305188","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:18,9306816","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:18,9312829","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9317578","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:18,9325201","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9330827","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:18,9332842","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:18,9346524","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9352108","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:27:18,9354893","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:27:18,9364345","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:27:18,9370764","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:27:18,9374808","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:27:18,9377584","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:18,9386429","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9392507","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:18,9395260","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:18,9410962","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:18,9445810","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:18,9491895","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9498286","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:18,9500763","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:18,9507579","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9512771","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:18,9516806","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:18,9524233","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:18,9528296","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:18,9531044","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:18,9533124","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:18,9535102","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:18,9535200","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9537080","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:18,9539110","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:18,9540462","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:18,9544866","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:18,9560471","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9564940","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:18,9568513","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:18,9574400","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:18,9579219","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:18,9583749","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9589006","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:18,9593009","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:18,9596629","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:18,9623467","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9629097","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:18,9631551","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:18,9634490","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,9640545","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.932.584, Length: 16.200"
"12:27:18,9660838","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9661794","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,9666847","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:18,9667812","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\ndiswan.sys","NO SUCH FILE","Filter: ndiswan.sys"
"12:27:18,9669618","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:18,9671003","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:18,9687918","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,9691907","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Filter: ndiswan.sys, 1: ndiswan.sys"
"12:27:18,9695919","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:18,9698914","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9704167","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:18,9706914","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:18,9728527","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,9735408","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9736145","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:18,9738520","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:18,9741043","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:18,9743441","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:18,9746973","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,9751017","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:18,9755407","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:18,9772332","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9777911","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:18,9780313","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:18,9784698","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,9788267","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:18,9789905","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:18,9796319","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,9799948","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:18,9803517","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:18,9808425","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9814041","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:18,9816458","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:18,9817563","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:18,9822004","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:18,9825242","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:18,9850162","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9855756","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:18,9858172","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:18,9858783","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 157.136, Length: 4.096"
"12:27:18,9862450","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 155.648, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:18,9877775","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:18,9886671","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9892245","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:18,9894652","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:18,9895781","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 152.080, Length: 4.096"
"12:27:18,9899024","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 151.552, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:18,9924924","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9928632","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:18,9932313","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:18,9936540","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:18,9944988","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9951388","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:18,9961395","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9969446","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:18,9970832","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 158.208, Length: 4.096"
"12:27:18,9972255","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:18,9976411","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 48.128, Length: 4.096"
"12:27:18,9990681","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:18,9997530","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:27:19,0001140","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:27:19,0010830","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 162.304, Length: 2.048"
"12:27:19,0011361","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:27:19,0015705","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 163.840, Length: 512, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,0016973","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:19,0034215","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,0039039","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 156.160, Length: 4.096"
"12:27:19,0042164","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:27:19,0100468","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,0108449","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 65.024, Length: 4.096"
"12:27:19,0111682","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 157.136, Length: 4.096"
"12:27:19,0116501","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,0122953","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:19,0128500","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:19,0132381","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:19,0134107","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:19,0139341","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:19,0144566","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:19,0149786","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:19,0155011","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:19,0160222","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:19,0165213","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0165446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:19,0170662","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:19,0171245","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: DNCI"
"12:27:19,0174081","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:19,0175873","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:19,0181097","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:19,0182851","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0186313","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:19,0188902","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:19,0191528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:19,0194085","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:19,0196772","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:19,0202328","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:19,0207539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:19,0212731","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:19,0217023","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0217629","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:19,0223246","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:19,0223456","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:19,0227482","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:19,0228788","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:19,0233681","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:19,0238887","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:19,0241957","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0244098","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:19,0246753","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:19,0249318","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:19,0249981","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:19,0254534","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:19,0259731","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:19,0264946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:19,0268006","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0270157","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:19,0272839","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:19,0275368","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:19,0276067","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:19,0280597","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:19,0285799","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:19,0291019","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:19,0296230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:19,0300512","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:19,0301445","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:19,0306661","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:19,0311871","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:19,0317087","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:19,0322713","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:19,0323772","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0327938","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 163.840, Length: 512"
"12:27:19,0328166","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: DNCI"
"12:27:19,0329818","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:19,0341205","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 157.136, Length: 4.096"
"12:27:19,0345963","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,0350414","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:19,0351435","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0354841","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:19,0355480","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:19,0357117","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:19,0360033","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:19,0364810","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:19,0369228","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:19,0373655","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:19,0378068","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:19,0379178","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0382490","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:19,0383195","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:19,0385140","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:19,0386913","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:19,0391344","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:19,0395748","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:19,0400166","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:19,0404574","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:19,0406048","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0408987","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:19,0410074","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:19,0412015","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:19,0413410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:19,0417823","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:19,0423430","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:19,0427843","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:19,0432266","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:19,0436665","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:19,0441073","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:19,0445276","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0445496","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:19,0449890","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:19,0451663","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:19,0454317","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:19,0454476","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:19,0458740","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:19,0463153","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:19,0467556","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:19,0471979","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:19,0476383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:19,0480796","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:19,0485008","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0486772","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:19,0489808","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:19,0491217","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:19,0491828","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:19,0495644","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:19,0500053","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:19,0504461","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:19,0508888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:19,0513301","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:19,0515065","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0518475","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:19,0521465","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:19,0523350","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:19,0524530","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:19,0528491","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 163.840, Length: 512"
"12:27:19,0546180","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 157.136, Length: 4.096"
"12:27:19,0555445","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0560595","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:19,0562261","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:19,0584317","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0588702","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:19,0590339","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:19,0596315","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0600751","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:19,0607548","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0613188","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:19,0615572","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:19,0615964","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 163.840, Length: 512"
"12:27:19,0647299","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:27:19,0728358","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndiswan.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,0733998","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:19,0737198","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:19,0747424","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,0749882","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,0752275","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:19,0761899","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:19,0764334","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:19,0766769","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:27:19,0792044","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:19,0842492","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0848514","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: ANCI"
"12:27:19,0850875","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:19,0857714","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0862533","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:19,0866540","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:19,0880927","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0885396","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:19,0889790","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:19,0904242","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0909061","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:19,0912266","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:19,0928734","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0933548","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:19,0937527","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:19,0963651","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0968447","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, FileAttributes: ANCI"
"12:27:19,0970406","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:19,0993316","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,0997720","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: DNCI"
"12:27:19,0999371","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:19,1026978","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1031457","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:19,1033416","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:19,1057124","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1061495","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:19,1063128","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:19,1086028","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1090390","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:19,1092009","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:19,1114485","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1118506","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:19,1121300","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:19,1144980","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1149346","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:19,1150988","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:19,1175871","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1180252","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:19,1181875","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:19,1202756","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1206754","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:19,1208377","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:19,1214824","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:19,1218878","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:19,1222862","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:19,1225302","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:19,1227294","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:19,1229271","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:19,1231291","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:19,1236465","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1242030","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:19,1244456","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:19,1252447","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1258087","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:19,1268154","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1268560","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:19,1276117","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:19,1276910","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,1278926","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:19,1290989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:19,1303118","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1311613","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:19,1315984","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:19,1318811","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:19,1319185","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,1327199","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.853.664, Length: 16.200"
"12:27:19,1330287","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:19,1333889","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:27:19,1340266","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:19,1342701","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:16, LastWriteTime: 06.10.2013 12:27:16, ChangeTime: 06.10.2013 12:27:16, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:19,1351653","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,1357232","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\raspppoe.sys","NO SUCH FILE","Filter: raspppoe.sys"
"12:27:19,1360479","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:19,1378514","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,1382540","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Filter: raspppoe.sys, 1: raspppoe.sys"
"12:27:19,1383664","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:19,1386557","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:19,1415825","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,1422626","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:19,1424726","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1425486","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:19,1430300","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: ANCI"
"12:27:19,1432306","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:19,1433076","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,1437107","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:19,1438730","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1440722","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:19,1443558","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:19,1447584","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:19,1461994","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1466435","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:19,1468371","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,1469687","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:19,1471642","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:19,1473605","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:19,1480048","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,1483304","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1484022","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:19,1488062","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:19,1488095","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:19,1491314","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:19,1503294","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,1505374","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1507301","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:19,1509811","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:19,1510921","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:19,1513020","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:19,1542223","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 87.844, Length: 4.096"
"12:27:19,1544164","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1549253","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:19,1549776","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: ANCI"
"12:27:19,1552108","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:19,1570414","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 86.536, Length: 4.096"
"12:27:19,1575797","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1579865","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: DNCI"
"12:27:19,1581819","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:19,1588094","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,1603087","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1607113","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:19,1608741","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:19,1633526","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 86.528, Length: 4.096"
"12:27:19,1633559","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1637590","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:19,1639222","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:19,1639889","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 28.160, Length: 4.096"
"12:27:19,1649994","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 90.624, Length: 2.048"
"12:27:19,1661241","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1665272","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:19,1666890","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:19,1674000","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,1688181","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1692170","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:19,1693798","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:19,1714235","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1718243","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:19,1722297","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:19,1735834","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 87.844, Length: 4.096"
"12:27:19,1738629","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,1743924","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1746214","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 31.232, Length: 4.096"
"12:27:19,1747940","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:19,1749923","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:19,1750240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 87.844, Length: 4.096"
"12:27:19,1770799","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1774787","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:19,1776406","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:19,1797268","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1801308","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:19,1802936","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:19,1808879","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1812952","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:19,1821335","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1827320","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:19,1829013","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:19,1843778","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1846176","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 92.160, Length: 512"
"12:27:19,1851433","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:19,1855072","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:19,1857847","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:19,1866179","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:19,1870597","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: ANCI"
"12:27:19,1885814","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:27:19,1924417","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspppoe.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,1971426","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:19,1995106","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,1999538","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: DNCI"
"12:27:19,2001520","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:19,2007538","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2012002","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:19,2016024","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:19,2030014","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2034450","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:19,2038042","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:19,2050531","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2054934","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:19,2058116","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:19,2071346","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2075759","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:19,2078964","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:19,2102256","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:19,2126696","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2130755","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: DNCI"
"12:27:19,2132723","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:19,2154439","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2158801","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:19,2160433","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:19,2182126","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2186483","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:19,2188125","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:19,2209365","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2213386","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:19,2215014","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:19,2238670","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2242677","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:19,2244301","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:19,2265540","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2269552","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:19,2271162","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:19,2293171","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2296843","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:19,2298461","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:19,2321693","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2325719","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:19,2327342","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:19,2348965","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2352963","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:19,2354581","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:19,2360226","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2364639","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:19,2371455","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2377029","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:19,2379031","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:19,2386252","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: ANCI"
"12:27:19,2396342","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:19,2406265","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:19,2410622","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:19,2413057","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:19,2415446","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:19,2417097","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:19,2419066","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:19,2421874","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:19,2443081","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:19,2459231","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:19,2464041","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,2484772","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:19,2486358","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:27:19,2496770","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:19,2504342","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:19,2511932","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:19,2526771","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:27:19,2531865","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,2538233","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.797.288, Length: 16.200"
"12:27:19,2559991","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,2564744","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\raspptp.sys","NO SUCH FILE","Filter: raspptp.sys"
"12:27:19,2567581","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:19,2584034","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,2588018","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Filter: raspptp.sys, 1: raspptp.sys"
"12:27:19,2591680","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:19,2617711","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,2624545","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:19,2626555","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:19,2632951","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,2636581","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:19,2639809","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:19,2666283","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,2669515","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:19,2671461","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:19,2677488","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,2681089","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:19,2684313","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:19,2697510","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,2701135","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:19,2704330","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:19,2730846","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 105.580, Length: 4.096"
"12:27:19,2736108","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:19,2768572","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,2811476","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 105.472, Length: 4.096"
"12:27:19,2816668","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:19,2838370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 109.056, Length: 2.048"
"12:27:19,2856050","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,2915804","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 105.580, Length: 4.096"
"12:27:19,2918230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,2925820","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 43.520, Length: 4.096"
"12:27:19,2929039","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 105.580, Length: 4.096"
"12:27:19,2933834","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,2939087","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:19,2944303","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:19,2949877","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:19,2953283","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.350.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,2955102","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:19,2956446","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.354.816, EndOfFile: 408.350.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,2960336","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:19,2960485","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.350.079, Length: 7.300, Priority: Normal"
"12:27:19,2965547","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:19,2970753","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:19,2975955","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:19,2978926","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.357.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,2981198","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:19,2981576","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.357.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,2985952","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.357.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,2986441","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:19,2987972","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.357.379, Length: 2.920"
"12:27:19,2991195","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.360.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,2991666","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:19,2996863","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:19,3002060","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:19,3007261","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:19,3012136","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:19,3016582","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.360.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3017347","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:19,3023775","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:19,3025805","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.360.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3028161","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.360.299, Length: 4.380"
"12:27:19,3029364","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:19,3031375","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.364.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3035377","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:19,3040583","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:19,3045785","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:19,3050977","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:19,3055861","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:19,3058665","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.364.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3061464","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.364.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3061828","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:19,3063092","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.364.679, Length: 1.460"
"12:27:19,3065485","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.366.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3067076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:19,3072277","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:19,3077484","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 110.592, Length: 512"
"12:27:19,3081537","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.366.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3083548","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.366.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3085139","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.366.139, Length: 2.920"
"12:27:19,3087574","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.369.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3091124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 105.580, Length: 4.096"
"12:27:19,3095584","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,3100333","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:19,3104737","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:19,3107475","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.369.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3109611","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:19,3109877","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.369.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3111482","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.369.059, Length: 1.460"
"12:27:19,3113875","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.370.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3114407","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:19,3118820","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:19,3124446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:19,3128864","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:19,3133268","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:19,3137671","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:19,3139747","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.370.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3141772","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.370.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3142122","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:19,3143358","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.370.519, Length: 2.920"
"12:27:19,3145784","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.373.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3146540","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:19,3150934","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:19,3155342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:19,3159746","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:19,3164150","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:19,3168554","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:19,3170518","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.373.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3172500","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.373.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3172967","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:19,3174091","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.373.439, Length: 2.920"
"12:27:19,3176876","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.376.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3177385","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:19,3181788","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:19,3186183","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:19,3190274","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:19,3190782","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.376.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3193120","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.376.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3195130","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.376.359, Length: 1.460"
"12:27:19,3195466","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:19,3197533","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.377.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,3200682","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:19,3205104","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:19,3209503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:19,3213902","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:19,3218311","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 110.592, Length: 512"
"12:27:19,3233999","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 105.580, Length: 4.096"
"12:27:19,3301795","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 110.592, Length: 512"
"12:27:19,3381175","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\raspptp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,3839423","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:19,3843794","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:19,3846234","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:19,3848622","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:19,3850278","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:19,3853030","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:19,3855050","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:19,3890332","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:19,3894787","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,3927969","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:19,3953211","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,3959234","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 908.880, Length: 16.200"
"12:27:19,3980488","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,3984943","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\rassstp.sys","NO SUCH FILE","Filter: rassstp.sys"
"12:27:19,3988096","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:19,4004153","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,4007810","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Filter: rassstp.sys, 1: rassstp.sys"
"12:27:19,4011813","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:19,4040335","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,4045905","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:19,4047915","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:19,4054302","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,4057917","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:19,4061150","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:19,4087227","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,4090451","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:19,4092830","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:19,4098895","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,4102501","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:19,4105724","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:19,4119775","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,4124547","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:19,4127794","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:19,4132371","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:19,4136765","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:19,4140399","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:19,4144775","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:19,4147205","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:19,4149622","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:19,4151632","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:19,4153834","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 78.436, Length: 4.096"
"12:27:19,4155136","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:19,4159078","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:19,4165133","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:19,4167941","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:19,4170339","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:19,4172769","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:19,4175886","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 38.324, Length: 4.096"
"12:27:19,4175928","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:19,4178386","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:19,4180406","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:19,4182398","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:19,4184399","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:19,4186764","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:19,4188812","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:19,4190800","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:19,4192395","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,4233694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 78.336, Length: 4.096"
"12:27:19,4238854","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 30.720, Length: 4.096"
"12:27:19,4252499","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 81.920, Length: 2.048"
"12:27:19,4279775","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,4342006","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 78.436, Length: 4.096"
"12:27:19,4344423","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,4351262","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 34.304, Length: 4.096"
"12:27:19,4354462","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 78.436, Length: 4.096"
"12:27:19,4448742","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 83.456, Length: 512"
"12:27:19,4529819","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rassstp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,4633755","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:19,4636559","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:19,4638929","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:19,4642143","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:19,4645763","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:19,5027346","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:19,5031353","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:19,5035776","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:19,5038174","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:19,5040147","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:19,5041794","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:19,5043818","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:19,5076650","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:19,5081488","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,5114997","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:19,5139731","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,5145739","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 392.424, Length: 16.200"
"12:27:19,5167002","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,5171481","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\rdpbus.sys","NO SUCH FILE","Filter: rdpbus.sys"
"12:27:19,5174653","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:19,5190705","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,5194372","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Filter: rdpbus.sys, 1: rdpbus.sys"
"12:27:19,5198365","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:19,5225268","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,5231216","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:19,5233236","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:19,5239636","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,5243266","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:19,5246489","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:19,5272566","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,5275785","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:19,5277413","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:19,5283753","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,5287051","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:19,5290587","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:19,5303500","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,5307437","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:19,5310633","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:19,5335987","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 20.400, Length: 3.664"
"12:27:19,5341538","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:19,5357642","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 19.976, Length: 4.088"
"12:27:19,5374455","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,5414569","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 19.968, Length: 4.096"
"12:27:19,5418600","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:19,5437446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 22.016, Length: 2.048"
"12:27:19,5445503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,5504496","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 20.400, Length: 3.664"
"12:27:19,5507230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,5514106","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 10.240, Length: 4.096"
"12:27:19,5517316","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 20.400, Length: 3.664"
"12:27:19,5604472","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,5607299","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,5609323","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976293, endtime: 976293, seqnum: 0, connid: 0"
"12:27:19,5626201","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,5628137","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,5628996","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,5630162","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,5631431","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976293, endtime: 976293, seqnum: 0, connid: 0"
"12:27:19,5685004","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.377.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,5687840","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.377.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,5689473","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.377.819, Length: 2.920"
"12:27:19,5692692","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.380.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,5711538","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rdpbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,5732092","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.380.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,5734882","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.380.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,5736515","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.380.739, Length: 5.840"
"12:27:19,5739719","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.386.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,5934936","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,5938173","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976294, endtime: 976294, seqnum: 0, connid: 0"
"12:27:19,5956558","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,5958242","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,5959432","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,5960598","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,5961447","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,5963443","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,5964974","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976294, endtime: 976294, seqnum: 0, connid: 0"
"12:27:19,6051206","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.386.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6054033","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.386.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6055685","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.386.579, Length: 1.460"
"12:27:19,6059239","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.388.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6087574","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.388.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6092911","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.388.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6095720","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.388.039, Length: 2.920"
"12:27:19,6099675","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.390.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6127763","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.390.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6131677","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.390.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6135279","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.390.959, Length: 5.840"
"12:27:19,6138530","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.396.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6240143","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:19,6244519","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:19,6246949","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:19,6249333","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:19,6250989","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:19,6252967","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:19,6254978","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:19,6263501","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6266333","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6268339","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976294, endtime: 976294, seqnum: 0, connid: 0"
"12:27:19,6284004","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6285632","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6286803","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6287969","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6288818","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6290381","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976294, endtime: 976294, seqnum: 0, connid: 0"
"12:27:19,6293912","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:19,6298694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,6316523","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:19,6333299","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.396.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6336989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,6337320","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.396.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6339302","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.396.799, Length: 2.920"
"12:27:19,6342115","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.399.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6342591","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.623.138, Length: 16.200"
"12:27:19,6363467","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,6367908","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\swenum.sys","NO SUCH FILE","Filter: swenum.sys"
"12:27:19,6370749","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:19,6387123","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,6390795","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Filter: swenum.sys, 1: swenum.sys"
"12:27:19,6394788","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:19,6433923","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,6440286","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:19,6442315","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:19,6449159","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,6453133","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:19,6456758","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:19,6480363","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.399.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6483521","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.399.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6484417","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,6485182","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.399.719, Length: 7.300"
"12:27:19,6487668","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:19,6488401","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.407.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6489310","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:19,6495650","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,6499261","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:19,6502503","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:19,6515761","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,6519390","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:19,6523346","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:19,6552810","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:19,6561198","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:19,6586445","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6589272","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6591292","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976294, endtime: 976294, seqnum: 0, connid: 0"
"12:27:19,6607311","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6608935","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6609793","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,6610124","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6611319","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6612168","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6613726","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976294, endtime: 976294, seqnum: 0, connid: 0"
"12:27:19,6651937","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 5.248, Length: 7.248"
"12:27:19,6657917","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 3.200, Length: 4.096"
"12:27:19,6661127","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 1.408, Length: 4.096"
"12:27:19,6669127","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 5.504, Length: 4.096"
"12:27:19,6671926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 5.248, Length: 4.096"
"12:27:19,6674735","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:19,6678649","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.407.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6681462","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.407.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6682772","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,6683425","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.407.019, Length: 2.920"
"12:27:19,6686640","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.409.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6696847","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 5.248, Length: 4.096"
"12:27:19,6720069","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 9.344, Length: 3.152"
"12:27:19,6726162","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:19,6726605","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.409.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6729413","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.409.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6731060","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.409.939, Length: 7.300"
"12:27:19,6734624","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.417.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,6795017","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,6801091","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:19,6890244","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 3.416, Length: 4.096"
"12:27:19,6893038","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,6937215","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6940024","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6942422","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976295, endtime: 976295, seqnum: 0, connid: 0"
"12:27:19,6958488","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6960433","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6961296","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6962066","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 5.248, Length: 4.096"
"12:27:19,6962486","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6963330","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,6964898","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976295, endtime: 976295, seqnum: 0, connid: 0"
"12:27:19,6997693","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.417.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,7000510","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.417.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,7002143","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.417.239, Length: 2.920"
"12:27:19,7004937","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.420.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,7041259","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.420.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,7044039","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.420.352, EndOfFile: 408.420.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,7048023","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.420.159, Length: 7.300, Priority: Normal"
"12:27:19,7067313","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.427.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,7123974","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\swenum.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,7264106","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7266924","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7268939","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976295, endtime: 976295, seqnum: 0, connid: 0"
"12:27:19,7284954","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7286587","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7287753","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7288597","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7289759","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7291317","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976295, endtime: 976295, seqnum: 0, connid: 0"
"12:27:19,7335816","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.427.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,7338937","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.427.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,7340579","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.427.459, Length: 2.920"
"12:27:19,7343779","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.430.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,7379588","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.430.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,7382387","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.430.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,7384043","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.430.379, Length: 7.300"
"12:27:19,7387584","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.437.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,7600578","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7603765","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7605785","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976295, endtime: 976295, seqnum: 0, connid: 0"
"12:27:19,7622597","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7623847","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7625023","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7626236","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7627080","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7628652","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976295, endtime: 976295, seqnum: 0, connid: 0"
"12:27:19,7635216","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:19,7639270","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:19,7642027","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:19,7644112","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:19,7646076","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:19,7648040","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:19,7650065","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:19,7684600","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:19,7689395","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,7694186","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.437.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,7697330","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.437.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,7698945","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.437.679, Length: 10.220"
"12:27:19,7702565","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.447.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,7707598","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:19,7739847","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,7745860","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.282.938, Length: 16.200"
"12:27:19,7768770","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,7773529","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\ks.sys","NO SUCH FILE","Filter: ks.sys"
"12:27:19,7776374","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:19,7792380","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,7796033","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\ks.sys","SUCCESS","Filter: ks.sys, 1: ks.sys"
"12:27:19,7800404","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:19,7827335","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,7832891","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:19,7834584","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:19,7840966","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,7844586","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:19,7847805","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:19,7873481","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,7876700","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:19,7878640","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:19,7884677","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,7888278","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:19,7891492","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:19,7904382","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,7907988","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:19,7911183","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:19,7928005","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7930814","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:19,7933160","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976296, endtime: 976296, seqnum: 0, connid: 0"
"12:27:19,7940881","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 236.716, Length: 4.096"
"12:27:19,7944445","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 233.472, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,7958706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:19,7989579","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,8014728","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.447.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,8017522","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.447.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,8019556","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.447.899, Length: 2.920"
"12:27:19,8022784","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.450.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:19,8044756","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 227.840, Length: 4.096"
"12:27:19,8048325","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 225.280, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8065847","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 231.936, Length: 4.096"
"12:27:19,8096272","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 236.032, Length: 4.096"
"12:27:19,8116383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 60.928, Length: 4.096"
"12:27:19,8129585","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 240.128, Length: 3.584"
"12:27:19,8158498","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,8185387","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 189.952, Length: 4.096"
"12:27:19,8188616","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 188.416, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8217893","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:19,8239585","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 62.976, Length: 4.096"
"12:27:19,8272063","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 236.716, Length: 4.096"
"12:27:19,8274494","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,8282499","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:19,8285685","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 236.716, Length: 4.096"
"12:27:19,8290522","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,8295780","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:19,8300995","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:19,8306202","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:19,8311403","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:19,8316609","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:19,8330128","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:19,8336571","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:19,8342150","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:19,8347370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:19,8352572","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:19,8357470","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:19,8362667","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:19,8367873","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:19,8373074","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:19,8378285","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:19,8383487","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:19,8388688","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:19,8393572","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:19,8398769","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:19,8403975","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:19,8409181","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:19,8414392","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:19,8419640","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:19,8425210","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:19,8430412","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:19,8435296","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:19,8440493","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:19,8445690","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:19,8450886","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:19,8456079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:19,8460968","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:19,8466164","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:19,8468991","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 131.072, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8484157","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:19,8487446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 135.168, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8502421","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:19,8505710","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 139.264, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8522443","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:19,8526082","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 143.360, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8540748","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:19,8544345","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 147.456, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8558373","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:19,8561979","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 151.552, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8578400","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:19,8582001","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 155.648, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8596024","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:19,8599621","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 159.744, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8613989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:19,8617600","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 163.840, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8631450","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:19,8635075","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 167.936, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8645109","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:19,8647866","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 172.032, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8656328","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:19,8658708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 176.128, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8666787","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:19,8669148","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 180.224, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8677204","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:19,8679560","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 184.320, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,8688008","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:19,8693620","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:19,8700091","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:19,8705679","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:19,8710890","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:19,8716101","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:19,8722548","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:19,8728151","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:19,8733376","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:19,8742957","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:19,8749041","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:19,8754643","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:19,8761006","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:19,8766245","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 241.664, Length: 2.048"
"12:27:19,8783090","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 236.716, Length: 4.096"
"12:27:19,8787951","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,8792710","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:19,8797127","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:19,8801531","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:19,8805930","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:19,8810021","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:19,8814421","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:19,8820443","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:19,8825229","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:19,8832796","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:19,8840335","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:19,8845191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:19,8849655","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:19,8854395","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:19,8858817","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:19,8863235","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:19,8867662","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:19,8872075","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:19,8876488","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:19,8880897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:19,8885310","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:19,8889723","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:19,8897252","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:19,8906069","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:19,8910865","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:19,8915292","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:19,8926124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:19,8930948","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:19,8935356","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:19,8939764","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:19,8944173","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:19,8948581","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:19,8952990","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:19,8957393","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:19,8961807","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:19,8966215","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:19,8970619","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:19,8975027","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:19,8979436","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:19,8983835","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:19,8987921","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:19,8992320","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:19,8996724","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:19,9001123","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:19,9005536","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:19,9009949","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:19,9014358","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:19,9019186","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:19,9023963","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:19,9028371","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:19,9032458","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:19,9036857","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:19,9041261","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:19,9045665","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:19,9050073","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:19,9054481","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:19,9058881","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:19,9063284","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:19,9069773","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:19,9074536","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 241.664, Length: 2.048"
"12:27:19,9094600","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 236.716, Length: 4.096"
"12:27:19,9173630","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 242.688, Length: 1.024"
"12:27:19,9297444","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ks.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,9817685","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:19,9822513","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:19,9824948","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:19,9827337","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:19,9829305","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:19,9830966","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:19,9832995","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:19,9868701","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:19,9873861","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:19,9906506","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:19,9931888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:19,9938252","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 421.098, Length: 16.200"
"12:27:19,9959948","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,9964399","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\umbus.sys","NO SUCH FILE","Filter: umbus.sys"
"12:27:19,9967562","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:19,9983619","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:19,9987607","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Filter: umbus.sys, 1: umbus.sys"
"12:27:19,9991605","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:20,0018107","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,0024951","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:20,0026971","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,0033394","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,0037345","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,0040583","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,0066693","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,0074670","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:20,0079694","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:20,0088987","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,0094151","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,0098224","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,0113842","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,0117859","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:20,0123028","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,0149907","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:20,0157124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:20,0188016","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,0228970","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 43.520, Length: 4.096"
"12:27:20,0232996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 9.216, Length: 4.096"
"12:27:20,0244215","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 45.568, Length: 3.072"
"12:27:20,0253466","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,0258289","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:20,0311209","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 3.484, Length: 4.096"
"12:27:20,0313630","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,0322438","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:20,0325652","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 3.484, Length: 4.096"
"12:27:20,0330461","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,0335714","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:20,0340925","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:20,0346500","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:20,0351701","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:20,0356585","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:20,0361787","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:20,0366993","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:20,0372199","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:20,0377396","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:20,0382597","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:20,0387477","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 45.056, Length: 3.584"
"12:27:20,0404682","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 3.484, Length: 4.096"
"12:27:20,0409090","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,0413526","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:20,0417939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:20,0422716","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:20,0426803","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:20,0431202","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:20,0435606","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:20,0440014","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:20,0445659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:20,0450403","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:20,0454802","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:20,0458898","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 45.056, Length: 3.584"
"12:27:20,0476919","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 3.484, Length: 4.096"
"12:27:20,0549105","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 7.580, Length: 4.096"
"12:27:20,0552366","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 11.676, Length: 4.096"
"12:27:20,0680686","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\umbus.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,0969184","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:20,0973532","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,0975967","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:20,0978346","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:20,0979997","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:20,0981957","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:20,0983981","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:20,1015726","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\umbus.sys.mui","SUCCESS","Offset: 0, Length: 3.072, I/O Flags: Synchronous"
"12:27:20,1020872","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\umbus.sys.mui","SUCCESS","Offset: 0, Length: 3.072, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,1036621","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\umbus.sys.mui","SUCCESS","Offset: 184, Length: 2.888"
"12:27:20,1054665","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\umbus.sys.mui","SUCCESS","Offset: 0, Length: 3.072"
"12:27:20,1060245","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.462.622, Length: 16.200"
"12:27:20,1083495","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,1087899","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\umbus.sys.mui","NO SUCH FILE","Filter: umbus.sys.mui"
"12:27:20,1090707","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:20,1105994","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,1109633","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\umbus.sys.mui","SUCCESS","Filter: umbus.sys.mui, 1: umbus.sys.mui"
"12:27:20,1113593","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:20,1147639","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,1153624","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:20,1155644","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,1162431","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,1166084","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,1169695","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,1196211","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,1199761","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:20,1201384","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:20,1207411","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,1210999","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,1214222","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,1228227","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,1231851","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:20,1235093","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,2028964","svchost.exe","2096","Thread Exit","","SUCCESS","Thread ID: 9544, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:27:20,2113443","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:20,2117511","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,2121126","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:20,2123878","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:20,2125539","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:20,2127512","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:20,2129523","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:20,2164823","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:20,2169623","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,2209397","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:20,2243204","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,2249609","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.767.156, Length: 16.200"
"12:27:20,2272925","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,2277739","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\usbhub.sys","NO SUCH FILE","Filter: usbhub.sys"
"12:27:20,2280907","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:20,2297356","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,2301036","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Filter: usbhub.sys, 1: usbhub.sys"
"12:27:20,2305044","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:20,2332292","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,2337545","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:20,2339555","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,2345951","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,2349576","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,2353121","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,2379245","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,2382478","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:20,2384423","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:20,2390460","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,2394057","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,2397266","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,2410151","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,2413766","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:20,2416966","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,2443058","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 296.036, Length: 4.096"
"12:27:20,2446640","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 294.912, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,2461582","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:20,2492077","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,2540090","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 295.936, Length: 4.096"
"12:27:20,2545725","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 300.032, Length: 4.096"
"12:27:20,2548939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 303.104, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,2562020","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 252.416, Length: 4.096"
"12:27:20,2565966","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 249.856, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,2607191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 309.760, Length: 4.096"
"12:27:20,2610848","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 307.200, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,2626033","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 338.432, Length: 4.096"
"12:27:20,2629989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 335.872, Length: 7.168, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,2647893","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,2711230","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 296.036, Length: 4.096"
"12:27:20,2714038","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,2723699","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:20,2726904","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 266.240, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,2740960","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 296.036, Length: 4.096"
"12:27:20,2747034","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,2752641","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:20,2758197","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:20,2763482","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:20,2769025","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:20,2774235","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:20,2779451","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:20,2784340","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:20,2789541","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:20,2794743","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:20,2799944","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:20,2805160","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:20,2810361","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:20,2815558","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:20,2822840","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:20,2828816","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:20,2834045","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:20,2839261","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:20,2844458","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:20,2849342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:20,2854539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:20,2859745","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:20,2864956","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:20,2870162","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:20,2875410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:20,2880966","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:20,2886191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:20,2891387","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:20,2896272","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:20,2901469","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:20,2906665","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:20,2912277","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:20,2917521","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:20,2923501","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:20,2928726","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:20,2933946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:20,2939166","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:20,2944377","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:20,2949574","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:20,2954771","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:20,2959655","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:20,2964852","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:20,2970063","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:20,2975264","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:20,2980456","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:20,2985341","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:20,2990528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:20,2995729","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:20,3000936","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:20,3006137","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:20,3011017","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:20,3016209","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:20,3022633","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:20,3028193","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:20,3033399","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:20,3038284","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:20,3043490","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:20,3048696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:20,3053897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:20,3059108","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:20,3064300","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:20,3069189","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:20,3074386","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:20,3079611","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:20,3084822","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:20,3090023","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:20,3095229","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:20,3100426","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:20,3105306","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:20,3110498","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:20,3115695","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:20,3120947","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:20,3126149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:20,3131336","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:20,3136528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:20,3141403","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:20,3146596","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:20,3151792","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:20,3156985","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:20,3161864","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:20,3167052","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:20,3172253","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:20,3177445","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:20,3182315","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 339.968, Length: 3.072"
"12:27:20,3199548","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 296.036, Length: 4.096"
"12:27:20,3204325","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,3208757","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:20,3213170","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:20,3217569","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:20,3222364","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:20,3226465","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:20,3230873","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:20,3235277","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:20,3239681","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:20,3244085","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:20,3248488","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:20,3252897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:20,3257296","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:20,3261695","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:20,3265777","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:20,3270181","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:20,3274580","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:20,3278979","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:20,3283383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:20,3287772","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:20,3291854","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:20,3296253","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:20,3300653","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:20,3305056","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:20,3309451","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:20,3313850","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:20,3317932","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:20,3323119","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:20,3327537","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:20,3331941","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:20,3336349","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:20,3340758","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:20,3345157","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:20,3349560","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:20,3353959","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:20,3358051","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:20,3362445","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:20,3366844","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:20,3371253","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:20,3375652","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:20,3380051","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:20,3384137","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:20,3388546","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:20,3392945","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:20,3397344","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:20,3401748","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:20,3406156","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:20,3410560","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:20,3414954","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:20,3419032","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:20,3424602","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:20,3429019","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:20,3433418","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:20,3437808","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:20,3441899","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:20,3446303","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:20,3450707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:20,3455111","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:20,3459519","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:20,3463918","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:20,3468322","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:20,3472712","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:20,3476808","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:20,3481207","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:20,3485620","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:20,3490019","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:20,3494418","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:20,3498817","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:20,3503211","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:20,3507298","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:20,3511692","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:20,3516096","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:20,3520920","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:20,3525333","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:20,3529737","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:20,3534140","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:20,3538535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:20,3542934","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:20,3547016","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:20,3551420","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:20,3555823","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:20,3560222","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:20,3564621","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:20,3569025","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 339.968, Length: 3.072"
"12:27:20,3586692","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 296.036, Length: 4.096"
"12:27:20,3643115","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:27:20,3647122","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:27:20,3650761","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:27:20,3653952","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:27:20,3656004","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:27:20,3658351","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:20,3660543","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 301.568, Length: 4.096"
"12:27:20,3660781","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:20,3663156","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:20,3665194","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:20,3665339","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 305.664, Length: 4.096"
"12:27:20,3667597","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:20,3669635","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:20,3672033","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:20,3673992","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:20,3676040","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:20,3677986","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:20,3679656","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:20,3681657","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3683290","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:20,3685632","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:20,3687647","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:20,3689662","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:20,3691705","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:20,3693721","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:20,3696063","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:20,3697700","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:20,3699739","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:20,3701689","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:20,3703335","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:20,3705323","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3706941","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:20,3708938","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3716537","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3723395","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:20,3726553","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3728601","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:20,3731013","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3733378","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3739032","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:20,3741402","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3743403","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:20,3745470","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3747452","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:20,3749808","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3751450","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:20,3755014","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3757053","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:20,3759101","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3761111","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:20,3763486","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3765487","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3767488","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:20,3769508","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3771510","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:20,3773553","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3775643","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbhub.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,3778722","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:20,3782682","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3784744","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:20,3797671","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3800871","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:20,3804104","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3806152","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:20,3808956","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3811316","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3813317","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:20,3815351","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3817343","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:20,3820198","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3822195","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:20,3824569","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3826207","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:20,3836031","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3839250","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:20,3842805","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3844857","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:27:20,3847288","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3869489","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3872372","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:20,3875926","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3881426","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:20,3885793","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3888596","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3890668","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:20,3893079","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,3895398","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:20,3897474","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3899461","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:20,3905054","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:20,3906701","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:20,4047967","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:20,4051979","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,4054409","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:20,4056774","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:20,4058421","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:20,4060371","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:20,4062386","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:20,4095736","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbhub.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:20,4100504","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbhub.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,4137218","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbhub.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:20,4157221","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbhub.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,4162870","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.198.724, Length: 16.200"
"12:27:20,4187702","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,4192190","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\usbhub.sys.mui","NO SUCH FILE","Filter: usbhub.sys.mui"
"12:27:20,4195348","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:20,4211046","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,4215030","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\usbhub.sys.mui","SUCCESS","Filter: usbhub.sys.mui, 1: usbhub.sys.mui"
"12:27:20,4219009","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:20,4246304","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,4251571","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:20,4253572","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,4259986","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,4263928","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,4267161","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,4293621","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,4296872","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:20,4298501","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:20,4304523","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,4308129","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,4311348","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,4325758","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,4329392","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:20,4332597","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,4438455","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbhub.sys.mui","SUCCESS","Offset: 10.752, Length: 1.024"
"12:27:20,4446899","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbhub.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,4599006","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbhub.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:20,4604179","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbhub.sys.mui","SUCCESS","Offset: 8.192, Length: 3.584"
"12:27:20,4629347","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:20,4633340","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:20,4635421","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:20,4638626","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:20,4642568","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:20,4713681","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\usbhub.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,5198836","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:20,5203198","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,5205638","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:20,5208021","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:20,5209668","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:20,5211637","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:20,5213657","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:20,5247777","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:20,5252610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,5284775","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:20,5309952","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,5315960","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.113.674, Length: 16.200"
"12:27:20,5319972","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.113.536, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,5356345","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,5361164","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\NDProxy.SYS","NO SUCH FILE","Filter: NDProxy.SYS"
"12:27:20,5364024","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:20,5380011","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,5383682","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\NDProxy.SYS","SUCCESS","Filter: NDProxy.SYS, 1: ndproxy.sys"
"12:27:20,5387708","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:20,5413706","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,5418949","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:20,5422122","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,5428205","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,5431829","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,5435044","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,5460706","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,5463925","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:20,5465879","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:20,5471893","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,5475494","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,5478708","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,5491588","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,5495194","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:20,5498436","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,5525246","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 53.128, Length: 4.096"
"12:27:20,5530858","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:20,5547316","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 51.952, Length: 4.096"
"12:27:20,5564190","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,5604318","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:20,5609113","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 18.944, Length: 4.096"
"12:27:20,5638036","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 56.320, Length: 1.536"
"12:27:20,5646056","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,5650445","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 51.200, Length: 4.096"
"12:27:20,5709033","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,5716278","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 22.016, Length: 4.096"
"12:27:20,5720285","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 53.128, Length: 4.096"
"12:27:20,5730338","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,5736799","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:20,5742383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:20,5747659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:20,5752861","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:20,5758067","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:20,5763268","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:20,5768465","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:20,5773667","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:20,5778551","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:20,5783748","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:20,5788954","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:20,5794155","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:20,5799352","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:20,5804232","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 57.344, Length: 512"
"12:27:20,5817434","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 53.128, Length: 4.096"
"12:27:20,5822649","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,5829054","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:20,5833840","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:20,5838244","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:20,5842326","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:20,5846739","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:20,5851143","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:20,5855547","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:20,5859955","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:20,5867988","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:20,5873600","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:20,5878377","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:20,5882800","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:20,5887217","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:20,5891626","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 57.344, Length: 512"
"12:27:20,5907697","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 53.128, Length: 4.096"
"12:27:20,5977093","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 57.344, Length: 512"
"12:27:20,6076943","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6080096","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6081426","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndproxy.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,6082112","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976304, endtime: 976304, seqnum: 0, connid: 0"
"12:27:20,6098150","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6099783","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6100636","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6101798","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6102642","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6104201","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976304, endtime: 976304, seqnum: 0, connid: 0"
"12:27:20,6146745","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.450.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6149577","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.450.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6151532","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.450.819, Length: 2.920"
"12:27:20,6155133","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.453.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6192075","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.453.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6194916","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.453.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6196563","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.453.739, Length: 7.300"
"12:27:20,6199763","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.461.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6402513","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6405354","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976304, endtime: 976304, seqnum: 0, connid: 0"
"12:27:20,6415804","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6417786","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6419382","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976304, endtime: 976304, seqnum: 0, connid: 0"
"12:27:20,6433396","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6435024","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6436213","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6437067","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6438620","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976304, endtime: 976304, seqnum: 0, connid: 0"
"12:27:20,6493896","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.461.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6496728","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.461.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6498374","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.461.039, Length: 1.460"
"12:27:20,6501588","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.462.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6529928","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.462.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6532298","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.462.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6533926","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.462.499, Length: 2.920"
"12:27:20,6536749","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.465.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6570598","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.465.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6573401","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.465.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6575030","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.465.419, Length: 5.840"
"12:27:20,6578225","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.471.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6580562","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:20,6584621","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,6587373","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:20,6589440","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:20,6591404","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:20,6593050","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:20,6595378","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:20,6631980","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:20,6636803","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,6674091","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:20,6705463","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,6711863","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.091.292, Length: 16.200"
"12:27:20,6731512","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6734685","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6736718","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976304, endtime: 976304, seqnum: 0, connid: 0"
"12:27:20,6736756","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,6741575","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\AtihdW76.sys","NO SUCH FILE","Filter: AtihdW76.sys"
"12:27:20,6747924","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:20,6753130","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6754772","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6755948","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6756787","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6757940","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,6759180","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976304, endtime: 976304, seqnum: 0, connid: 0"
"12:27:20,6768837","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,6773255","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Filter: AtihdW76.sys, 1: AtihdW76.sys"
"12:27:20,6777644","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:20,6804146","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,6809749","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:20,6811769","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,6818174","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,6822545","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,6826128","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,6855891","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,6859455","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:20,6861083","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:20,6867124","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,6870739","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,6874714","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,6875656","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.471.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6879612","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.471.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6881613","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.471.259, Length: 2.920"
"12:27:20,6888359","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,6890085","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.474.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6892366","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:20,6895590","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,6902750","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.474.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6909748","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.474.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6911371","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.474.179, Length: 7.300"
"12:27:20,6914548","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.481.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,6924877","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 220.432, Length: 4.096"
"12:27:20,6928464","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 217.088, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,6943574","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:20,6961231","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 219.656, Length: 4.096"
"12:27:20,6978132","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,7019856","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 224.768, Length: 6.672"
"12:27:20,7023485","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 225.280, Length: 6.160, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,7040401","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 219.648, Length: 4.096"
"12:27:20,7045611","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 74.752, Length: 4.096"
"12:27:20,7049189","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,7052012","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,7054386","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976305, endtime: 976305, seqnum: 0, connid: 0"
"12:27:20,7064033","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 224.768, Length: 4.096"
"12:27:20,7067248","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,7068050","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 222.720, Length: 4.096"
"12:27:20,7069212","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,7070480","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976305, endtime: 976305, seqnum: 0, connid: 0"
"12:27:20,7081732","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,7083645","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,7084513","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,7084769","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,7086071","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976305, endtime: 976305, seqnum: 0, connid: 0"
"12:27:20,7102366","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 224.768, Length: 4.096"
"12:27:20,7128308","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 228.864, Length: 2.576"
"12:27:20,7135916","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:20,7166090","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.481.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,7168917","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.481.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,7170867","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.481.479, Length: 5.840"
"12:27:20,7174482","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.487.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,7191733","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,7197275","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 4.096, Length: 57.744"
"12:27:20,7200139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 61.840, Length: 61.440"
"12:27:20,7203694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 123.280, Length: 61.440"
"12:27:20,7207277","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.487.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,7209754","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.487.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,7211713","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.487.319, Length: 4.380"
"12:27:20,7214937","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.491.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,7226833","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 184.720, Length: 40.048"
"12:27:20,7383171","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,7386399","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976305, endtime: 976305, seqnum: 0, connid: 0"
"12:27:20,7434290","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 228.006, Length: 3.434"
"12:27:20,7452031","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.491.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,7454848","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.491.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,7456477","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.491.699, Length: 1.460"
"12:27:20,7459262","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.493.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,7499255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 220.432, Length: 4.096"
"12:27:20,7502044","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,7508939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 81.408, Length: 4.096"
"12:27:20,7512904","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 220.432, Length: 4.096"
"12:27:20,7551442","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 224.768, Length: 4.096"
"12:27:20,7567466","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 80.896, Length: 4.096"
"12:27:20,7574744","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 224.768, Length: 4.096"
"12:27:20,7628083","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 223.744, Length: 4.096"
"12:27:20,7707929","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\AtihdW76.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,8187692","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:20,8191750","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,8194172","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:20,8196546","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:20,8198183","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:20,8200152","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:20,8202163","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:20,8240682","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:20,8245109","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,8261935","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:20,8293415","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,8299409","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.160.330, Length: 16.200"
"12:27:20,8322300","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,8327096","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\portcls.sys","NO SUCH FILE","Filter: portcls.sys"
"12:27:20,8330278","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:20,8346390","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,8350360","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Filter: portcls.sys, 1: portcls.sys"
"12:27:20,8354391","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:20,8380436","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,8385674","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:20,8388058","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,8394132","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,8398069","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,8401284","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,8427799","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,8431037","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:20,8432982","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:20,8439019","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,8442620","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,8445839","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,8459069","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,8462684","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:20,8465884","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,8490408","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 218.736, Length: 4.096"
"12:27:20,8493613","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 217.088, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,8509129","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:20,8540025","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,8580597","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:20,8593836","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:20,8597018","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 62.976, Length: 4.096"
"12:27:20,8613494","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 222.720, Length: 4.096"
"12:27:20,8616671","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 225.280, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,8661978","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,8685634","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 121.344, Length: 4.096"
"12:27:20,8702554","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:20,8718205","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 65.024, Length: 4.096"
"12:27:20,8755418","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 218.736, Length: 4.096"
"12:27:20,8758650","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,8766236","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 93.696, Length: 4.096"
"12:27:20,8770229","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 218.736, Length: 4.096"
"12:27:20,8870783","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 226.304, Length: 4.096"
"12:27:20,8874450","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 229.376, Length: 1.024, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,8992768","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\portcls.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:20,9280496","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:20,9284550","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:20,9287307","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:20,9289373","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:20,9291333","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:20,9292975","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:20,9294990","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:20,9336191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\portcls.sys.mui","SUCCESS","Offset: 0, Length: 3.584, I/O Flags: Synchronous"
"12:27:20,9340973","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\portcls.sys.mui","SUCCESS","Offset: 0, Length: 3.584, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:20,9357184","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\portcls.sys.mui","SUCCESS","Offset: 184, Length: 3.400"
"12:27:20,9374827","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\portcls.sys.mui","SUCCESS","Offset: 0, Length: 3.584"
"12:27:20,9380392","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 704.922, Length: 16.200"
"12:27:20,9404772","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,9409558","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\portcls.sys.mui","NO SUCH FILE","Filter: portcls.sys.mui"
"12:27:20,9412390","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:20,9449616","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,9453278","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\portcls.sys.mui","SUCCESS","Filter: portcls.sys.mui, 1: portcls.sys.mui"
"12:27:20,9457253","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:20,9482948","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,9488182","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:20,9490202","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,9496602","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,9500227","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,9503777","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,9530689","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,9533931","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:20,9535886","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:20,9541918","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,9545519","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:20,9549135","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:20,9562355","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:20,9565966","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:20,9572002","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:20,9736672","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,9739900","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976307, endtime: 976307, seqnum: 0, connid: 0"
"12:27:20,9758775","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,9760394","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,9761579","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,9762740","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,9763585","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,9765577","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:20,9766790","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976307, endtime: 976307, seqnum: 0, connid: 0"
"12:27:20,9884282","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.493.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,9887478","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.493.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,9890487","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.493.159, Length: 1.460"
"12:27:20,9895940","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.494.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,9947610","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.494.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,9950423","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.494.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:20,9952387","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.494.619, Length: 8.760"
"12:27:20,9955657","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.503.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,0067034","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0069847","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0072179","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976308, endtime: 976308, seqnum: 0, connid: 0"
"12:27:21,0089855","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0091110","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0092267","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0093111","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0094268","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0095513","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976308, endtime: 976308, seqnum: 0, connid: 0"
"12:27:21,0220876","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.503.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,0224043","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.503.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,0225690","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.503.379, Length: 2.920"
"12:27:21,0230066","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.506.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,0274085","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.506.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,0277271","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.506.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,0279286","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.506.299, Length: 7.300"
"12:27:21,0282552","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.513.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,0436651","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0439049","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0441041","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976308, endtime: 976308, seqnum: 0, connid: 0"
"12:27:21,0456706","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0458315","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0459169","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0460330","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0461179","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0463143","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976308, endtime: 976308, seqnum: 0, connid: 0"
"12:27:21,0465620","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0498327","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:21,0502385","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,0505128","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:21,0507200","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:21,0509159","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:21,0510796","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:21,0512807","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:21,0544240","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.513.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,0547053","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.513.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,0548699","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.513.599, Length: 10.220"
"12:27:21,0550500","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:21,0552669","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.523.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,0555314","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,0586383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:21,0618590","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,0626670","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.568.868, Length: 16.200"
"12:27:21,0649100","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,0653559","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\drmk.sys","NO SUCH FILE","Filter: drmk.sys"
"12:27:21,0656722","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:21,0672788","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,0676786","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Filter: drmk.sys, 1: drmk.sys"
"12:27:21,0680462","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:21,0706544","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,0712119","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:21,0714130","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,0720572","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,0724556","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,0727798","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,0754207","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,0757449","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:21,0759068","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:21,0765099","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,0768701","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,0771924","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,0785168","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,0789101","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:21,0792334","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,0793607","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,0797171","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976309, endtime: 976309, seqnum: 0, connid: 0"
"12:27:21,0818458","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 113.272, Length: 2.952"
"12:27:21,0827274","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:21,0862309","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,0864352","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.523.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,0867165","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.523.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,0869120","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.523.819, Length: 1.460"
"12:27:21,0871587","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.525.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,0875926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 113.366, Length: 2.858"
"12:27:21,0885974","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:27:21,0900375","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 113.366, Length: 2.858"
"12:27:21,0912383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,0917244","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 112.640, Length: 3.584"
"12:27:21,0926494","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 25.600, Length: 4.096"
"12:27:21,0939318","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 114.688, Length: 1.536"
"12:27:21,0947286","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,0964603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:21,0981005","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:21,1023139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 113.272, Length: 2.952"
"12:27:21,1025196","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,1032357","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 31.744, Length: 4.096"
"12:27:21,1036388","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 113.272, Length: 2.952"
"12:27:21,1085342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 15.360, Length: 4.096"
"12:27:21,1142316","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 115.712, Length: 512"
"12:27:21,1209310","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\drmk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,1342374","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:21,1346382","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,1349563","svchost.exe","948","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","REPARSE","Desired Access: Read"
"12:27:21,1352367","svchost.exe","948","RegOpenKey","HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","NAME NOT FOUND","Desired Access: Read"
"12:27:21,1354830","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:27:21,1703534","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:21,1707560","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,1709986","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:21,1712355","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:21,1713998","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:21,1715957","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:21,1717977","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:21,1753706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:21,1758147","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,1774381","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:21,1793228","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,1798817","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 825.288, Length: 16.200"
"12:27:21,1819744","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,1824535","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\ksthunk.sys","NO SUCH FILE","Filter: ksthunk.sys"
"12:27:21,1827371","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:21,1843405","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,1847375","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Filter: ksthunk.sys, 1: ksthunk.sys"
"12:27:21,1851032","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:21,1876722","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,1882297","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:21,1884307","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,1890367","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,1894295","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,1897528","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,1924459","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,1928009","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:21,1929637","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:21,1935674","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,1939275","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,1942489","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,1955733","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,1959339","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:21,1962927","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,1987418","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 17.740, Length: 3.252"
"12:27:21,1992638","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:21,2008695","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 17.416, Length: 3.576"
"12:27:21,2027122","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,2067231","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 17.408, Length: 3.584"
"12:27:21,2071257","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 9.472, Length: 4.096"
"12:27:21,2090939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 19.584, Length: 1.408"
"12:27:21,2098930","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,2157956","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 17.740, Length: 3.252"
"12:27:21,2160377","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,2167949","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 12.416, Length: 4.096"
"12:27:21,2170776","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 17.740, Length: 3.252"
"12:27:21,2340045","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ksthunk.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,2783864","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:21,2787890","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,2790637","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:21,2792709","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:21,2794668","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:21,2796305","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:21,2798689","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:21,2834017","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:21,2838808","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,2876595","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:21,2913570","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,2920740","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.160.654, Length: 16.200"
"12:27:21,2944447","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,2949280","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\stwrt64.sys","NO SUCH FILE","Filter: stwrt64.sys"
"12:27:21,2952452","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:21,2968528","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,2972526","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Filter: stwrt64.sys, 1: stwrt64.sys"
"12:27:21,2976575","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:21,3003054","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,3008647","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:21,3010667","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,3017063","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,3020711","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,3024279","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,3050767","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,3053991","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:21,3055927","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:21,3061991","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,3065588","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,3068807","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,3082065","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,3085671","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:21,3088876","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,3114510","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 534.024, Length: 4.096"
"12:27:21,3118130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 532.480, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,3133799","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:21,3163884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,3204386","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 534.016, Length: 4.096"
"12:27:21,3208831","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 46.592, Length: 4.096"
"12:27:21,3222295","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3229936","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:21,3233122","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:21,3237255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 536.576, Length: 4.096"
"12:27:21,3245680","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,3250793","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:21,3291206","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3297956","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: ANCI"
"12:27:21,3299631","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:21,3304273","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 534.024, Length: 4.096"
"12:27:21,3306045","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3306717","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,3310836","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:21,3314298","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:21,3314857","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,3317507","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 139.264, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,3330117","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3333867","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 534.024, Length: 4.096"
"12:27:21,3336867","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:21,3340487","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,3353367","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3357761","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:21,3360934","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,3373832","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3378222","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:21,3381385","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,3403931","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3408680","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: ANCI"
"12:27:21,3410317","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:21,3432000","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3436021","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: DNCI"
"12:27:21,3437981","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:21,3438583","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 538.120, Length: 4.096"
"12:27:21,3442198","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 540.672, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,3455708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 542.216, Length: 4.088"
"12:27:21,3458861","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3460056","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 544.768, Length: 1.536, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,3462887","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:21,3464515","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:21,3485750","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3489753","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,3491367","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,3511832","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3515830","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,3517444","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:21,3549031","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3554219","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:21,3556206","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:21,3576648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\stwrt64.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,3578318","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3582708","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:21,3584336","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:21,3606023","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3610352","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:21,3611985","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,3638109","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3642466","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:21,3644090","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,3664989","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3669015","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:21,3670955","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:21,3676591","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3681027","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,3687819","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3693082","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:21,3695092","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,3709087","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3714751","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:21,3717517","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:21,3728190","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:21,3731395","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x6100000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:21,3734553","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:21,3746230","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3752598","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:21,3755051","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:21,3771524","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:21,3812132","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3817418","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: ANCI"
"12:27:21,3821406","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:21,3832267","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3837454","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:21,3841834","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,3855895","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3860336","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:21,3863919","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,3877186","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3881608","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:21,3884785","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,3898048","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3902442","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:21,3905614","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,3939608","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3945561","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: ANCI"
"12:27:21,3948010","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:21,3972851","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,3977245","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: DNCI"
"12:27:21,3978887","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:21,4001373","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4005767","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:21,4007405","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:21,4040703","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4045979","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,4047985","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,4053639","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:21,4057320","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,4060058","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:21,4063804","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:21,4067448","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:21,4069850","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:21,4071240","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4072271","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:21,4075644","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,4077277","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:21,4099277","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4103308","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:21,4104945","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:21,4106410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:21,4111215","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,4129795","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4130999","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 272, Length: 4.096"
"12:27:21,4133845","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:21,4135785","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:21,4156647","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4160319","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:21,4162264","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,4163169","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,4169565","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.984.586, Length: 16.200"
"12:27:21,4184371","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4188374","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:21,4190058","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,4190786","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,4194849","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\IntcDAud.sys","NO SUCH FILE","Filter: IntcDAud.sys"
"12:27:21,4198016","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:21,4212842","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4214876","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,4216854","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:21,4218491","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:21,4218892","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Filter: IntcDAud.sys, 1: IntcDAud.sys"
"12:27:21,4223319","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:21,4226883","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4231320","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,4239306","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4244937","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:21,4246943","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,4250185","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,4255429","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:21,4257449","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,4260980","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4263863","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,4266639","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:21,4267819","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,4269396","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:21,4271052","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,4278059","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:21,4281254","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x6100000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:21,4284109","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:21,4297973","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,4301514","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:21,4303156","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:21,4304500","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:27:21,4309197","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,4312808","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,4316013","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,4330400","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,4334029","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:21,4337239","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,4344964","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4350525","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: ANCI"
"12:27:21,4352195","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:21,4358586","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4362126","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 311.304, Length: 4.096"
"12:27:21,4363377","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:21,4365737","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 311.296, Length: 6.144, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,4367043","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,4380059","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 272, Length: 4.096"
"12:27:21,4380633","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4385050","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:21,4388278","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,4401098","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4405488","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:21,4408333","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,4414939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,4421964","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4426359","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:21,4429610","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,4452082","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4456826","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: ANCI"
"12:27:21,4458463","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:21,4460693","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:21,4465083","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 26.112, Length: 4.096"
"12:27:21,4480123","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4483524","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 313.344, Length: 4.096"
"12:27:21,4484149","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: DNCI"
"12:27:21,4485772","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:21,4491566","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,4506583","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4510259","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:21,4512199","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:21,4536686","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4540362","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,4542303","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,4555379","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 311.304, Length: 4.096"
"12:27:21,4558122","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,4563151","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4565744","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 42.496, Length: 4.096"
"12:27:21,4567167","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,4568791","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:21,4572555","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 311.304, Length: 4.096"
"12:27:21,4589643","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4593310","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:21,4594929","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:21,4614988","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4622634","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:21,4626581","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:21,4627812","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:21,4631022","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:21,4633359","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:21,4636181","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:21,4639447","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:21,4655093","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4659893","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:21,4661531","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,4667651","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 315.400, Length: 2.040"
"12:27:21,4683587","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4687641","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:21,4689577","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,4710877","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4714926","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:21,4716858","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:21,4727699","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4727741","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,4730549","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:21,4733782","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:21,4734874","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,4741792","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:21,4743294","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4744558","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:21,4746980","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,4749345","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:21,4749382","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:21,4751710","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,4751822","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:21,4754588","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:21,4755092","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\IntcDAud.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,4756608","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:21,4758581","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,4760242","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:21,4762276","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:21,4764641","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:21,4766629","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:21,4767823","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,4768289","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,4770263","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:21,4772297","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:21,4773425","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:21,4774662","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:21,4776663","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:21,4777064","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:21,4779817","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:21,4786287","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,4788647","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:21,4792314","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:21,5014489","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:21,5060262","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5070231","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: DNCI"
"12:27:21,5072643","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:21,5079468","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5084315","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:21,5089153","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,5105965","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5111176","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:21,5114777","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,5130429","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5134893","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:21,5138438","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,5152513","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5156963","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:21,5160135","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,5183791","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5187822","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: DNCI"
"12:27:21,5189455","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:21,5207144","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:21,5210690","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5211520","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,5213960","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:21,5214720","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: DNCI"
"12:27:21,5216376","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:21,5216698","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:21,5218368","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:21,5221970","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:21,5223999","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:21,5243578","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5249157","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:21,5251588","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:21,5258441","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:21,5262910","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,5279699","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5285302","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,5287695","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,5290004","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 256, Length: 4.096"
"12:27:21,5316553","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5317570","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,5322244","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,5324660","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:21,5325122","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.466.186, Length: 16.200"
"12:27:21,5345993","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,5350808","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\nusb3hub.sys","NO SUCH FILE","Filter: nusb3hub.sys"
"12:27:21,5353681","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:21,5355044","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5363534","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:21,5365932","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:21,5370895","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,5374884","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Filter: nusb3hub.sys, 1: nusb3hub.sys"
"12:27:21,5378551","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:21,5392443","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5396856","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:21,5398820","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:21,5405789","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,5411038","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:21,5413384","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,5419873","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,5423862","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,5426474","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5427449","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,5433308","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:21,5435342","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,5454343","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,5457576","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:21,5459512","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:21,5462245","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5465585","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,5466654","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:21,5468604","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,5469215","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,5472812","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,5489228","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,5492890","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:21,5493524","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5496463","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,5497937","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:21,5499901","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:21,5505574","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5509992","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,5516793","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5522582","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 91.516, Length: 4.096"
"12:27:21,5523296","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:21,5528068","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,5528157","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 256, Length: 4.096"
"12:27:21,5544652","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 90.632, Length: 4.096"
"12:27:21,5546999","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5553731","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:27:21,5556180","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:27:21,5561843","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,5565267","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:27:21,5571332","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:27:21,5575348","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:27:21,5578105","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:21,5586586","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5592959","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:21,5595389","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:21,5602391","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 90.624, Length: 4.096"
"12:27:21,5607173","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 94.720, Length: 2.048"
"12:27:21,5610410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 50.176, Length: 4.096"
"12:27:21,5611856","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:21,5637057","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:21,5645724","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,5674358","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5679602","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:21,5682018","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:21,5689594","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5694833","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:21,5699642","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,5701443","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 91.516, Length: 4.096"
"12:27:21,5703888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,5711501","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 55.808, Length: 4.096"
"12:27:21,5714351","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 91.516, Length: 4.096"
"12:27:21,5716040","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5726811","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:21,5731677","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,5749306","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5754489","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:21,5757708","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,5772123","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5776564","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:21,5779796","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,5803434","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5807488","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:21,5809405","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 96.256, Length: 512"
"12:27:21,5809475","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:21,5843870","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5849496","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:21,5851507","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:21,5875144","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5879543","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,5881181","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,5888496","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nusb3hub.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,5904091","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5908485","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,5910113","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:21,5936965","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5941359","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:21,5942978","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:21,5964237","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5968276","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:21,5970222","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:21,5991480","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,5995161","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:21,5997101","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,6018005","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6030368","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:21,6032775","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,6059589","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6064012","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:21,6065649","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:21,6071648","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6076085","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,6082909","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6088517","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:21,6090523","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,6105003","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6110615","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:27:21,6113377","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:27:21,6124171","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:27:21,6130208","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:21,6152670","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:27:21,6243889","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:21,6268404","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6273157","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: DNCI"
"12:27:21,6274823","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:21,6281223","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6286010","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:21,6290455","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,6304096","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6308854","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:21,6312101","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,6324533","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:21,6326866","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6328918","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,6331358","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:21,6334087","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:21,6334931","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:21,6335757","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:21,6337730","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:21,6339704","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,6340105","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:21,6356227","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6361009","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:21,6364218","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,6373856","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:21,6379034","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,6388719","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:21,6411139","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6413518","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:21,6415193","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: DNCI"
"12:27:21,6417152","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:21,6439287","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,6439619","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6443649","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:21,6445650","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:21,6445660","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.913.280, Length: 16.200"
"12:27:21,6467315","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,6467744","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6472110","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\crashdmp.sys","NO SUCH FILE","Filter: crashdmp.sys"
"12:27:21,6472544","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,6474517","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,6475348","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:21,6491843","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,6495841","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Filter: crashdmp.sys, 1: crashdmp.sys"
"12:27:21,6496625","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6499844","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:21,6500982","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,6502647","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:21,6528720","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,6529065","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6533129","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:21,6534351","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:21,6535107","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:21,6536721","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,6543182","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,6547161","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,6550422","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,6556407","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6560409","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:21,6562028","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:21,6577661","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,6580917","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:21,6582867","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:21,6584070","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6588082","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:21,6589314","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,6590051","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,6592948","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,6596493","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,6610563","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,6611748","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6614197","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:21,6615760","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:21,6617406","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,6617784","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,6639854","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6643848","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:21,6645844","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:21,6646241","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 28.772, Length: 4.096"
"12:27:21,6651461","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6652609","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:21,6655855","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,6662302","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6667882","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:21,6668670","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 21.000, Length: 4.096"
"12:27:21,6669883","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,6683598","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:27:21,6684736","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,6725224","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 32.256, Length: 7.248"
"12:27:21,6730855","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 28.160, Length: 4.096"
"12:27:21,6736891","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 16.896, Length: 4.096"
"12:27:21,6761919","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 32.256, Length: 4.096"
"12:27:21,6765184","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:21,6767386","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 31.232, Length: 4.096"
"12:27:21,6768384","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:21,6768678","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,6772252","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976314, endtime: 976315, seqnum: 0, connid: 0"
"12:27:21,6776777","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,6777910","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,6778801","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,6780817","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:21,6788831","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:21,6789624","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 32.256, Length: 4.096"
"12:27:21,6791098","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,6793090","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,6793795","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:21,6794280","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,6795134","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,6796300","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,6797811","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:27:21,6798292","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,6799509","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976315, endtime: 976315, seqnum: 0, connid: 0"
"12:27:21,6812487","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 20.992, Length: 4.096"
"12:27:21,6826314","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:21,6827700","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 32.256, Length: 4.096"
"12:27:21,6833760","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 36.352, Length: 3.152"
"12:27:21,6839372","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:21,6865346","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6870618","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: ANCI"
"12:27:21,6872605","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:21,6879034","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6880246","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,6883843","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:21,6885126","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 4.096, Length: 28.160"
"12:27:21,6887855","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,6901491","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6905923","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:21,6909477","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,6924377","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6928795","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:21,6929257","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 33.643, Length: 4.096"
"12:27:21,6931991","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,6945566","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6949652","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:21,6952820","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,6955698","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:21,6976103","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,6980861","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, FileAttributes: ANCI"
"12:27:21,6982499","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:21,6999073","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 28.772, Length: 4.096"
"12:27:21,7001471","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,7003799","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7007820","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: DNCI"
"12:27:21,7008310","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 18.944, Length: 4.096"
"12:27:21,7009780","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:21,7011851","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 28.772, Length: 4.096"
"12:27:21,7032638","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7036650","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:21,7038273","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:21,7059513","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7063520","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,7065144","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,7065610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 32.868, Length: 4.096"
"12:27:21,7085651","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7089644","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,7091263","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:21,7101083","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7104222","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7106252","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976315, endtime: 976315, seqnum: 0, connid: 0"
"12:27:21,7112139","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7116118","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:21,7117737","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:21,7123536","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7125486","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7126339","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7127510","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7128359","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7129922","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976315, endtime: 976315, seqnum: 0, connid: 0"
"12:27:21,7141374","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7145382","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:21,7147005","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:21,7167844","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7171506","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:21,7173124","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,7193916","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7196370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\crashdmp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,7197588","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:21,7199206","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,7221249","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7225270","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:21,7226889","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:21,7232501","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7236890","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,7243319","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7248898","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:21,7250904","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,7265757","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7273375","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:21,7277014","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:21,7279780","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:21,7288126","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:21,7291727","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:27:21,7295366","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:21,7297778","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:19, LastWriteTime: 06.10.2013 12:27:19, ChangeTime: 06.10.2013 12:27:19, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:21,7331431","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:21,7368457","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:21,7371018","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7372418","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,7374499","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:21,7376309","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: ANCI"
"12:27:21,7377680","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:21,7379117","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:21,7380890","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:21,7384076","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,7385937","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7386534","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:21,7389301","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:21,7391125","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:21,7391764","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:21,7393368","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,7395328","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:21,7395561","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,7397749","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:21,7409934","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7414426","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:21,7418032","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,7430651","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7432872","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7433473","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976315, endtime: 976315, seqnum: 0, connid: 0"
"12:27:21,7446321","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7448313","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7449922","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976315, endtime: 976315, seqnum: 0, connid: 0"
"12:27:21,7452096","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:21,7460223","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,7462821","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7464421","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7465592","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7466754","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7467999","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976315, endtime: 976315, seqnum: 0, connid: 0"
"12:27:21,7491959","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7499558","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:21,7503985","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,7532087","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7537260","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: ANCI"
"12:27:21,7539229","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:21,7562573","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7566962","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: DNCI"
"12:27:21,7568978","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:21,7591029","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7595391","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:21,7597033","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:21,7619537","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7623927","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,7625555","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,7647224","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7651567","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,7653195","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:21,7675284","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7679291","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:21,7680910","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:21,7702588","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7706604","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:21,7708545","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:21,7743379","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7749854","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:21,7751626","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7752643","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,7754477","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976315, endtime: 976315, seqnum: 0, connid: 0"
"12:27:21,7765295","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7767296","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7768910","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976315, endtime: 976315, seqnum: 0, connid: 0"
"12:27:21,7780517","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7782145","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7783330","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7784333","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7784580","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976315, endtime: 976316, seqnum: 0, connid: 0"
"12:27:21,7790043","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:21,7792496","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,7798225","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7800628","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,7802288","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976316, endtime: 976316, seqnum: 0, connid: 0"
"12:27:21,7820230","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7825875","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:21,7827880","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:21,7834649","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7839146","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,7846741","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7853594","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:21,7856388","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,7873252","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,7881234","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:21,7885269","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:21,7888040","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:21,7896339","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:21,7900757","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: ANCI"
"12:27:21,7916436","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:27:21,7978191","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:21,7982217","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,7984643","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:21,7987036","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:21,7989005","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:21,7990652","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:21,7992672","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:21,8012740","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:21,8027986","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:21,8034321","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,8048535","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8053718","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: DNCI"
"12:27:21,8055724","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:21,8062161","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8065352","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:21,8066971","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:21,8070988","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,8078438","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8080901","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8082911","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976316, endtime: 976316, seqnum: 0, connid: 0"
"12:27:21,8091751","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8098586","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:21,8098684","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8101072","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8102616","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8104244","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976316, endtime: 976316, seqnum: 0, connid: 0"
"12:27:21,8107085","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,8109651","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,8117638","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.761.836, Length: 16.200"
"12:27:21,8123511","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8128348","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:21,8131595","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,8131950","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8135113","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976316, endtime: 976316, seqnum: 0, connid: 0"
"12:27:21,8153633","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,8157215","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8158433","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\win32k.sys","NO SUCH FILE","Filter: win32k.sys"
"12:27:21,8162445","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:21,8162478","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:21,8165682","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,8178530","SavService.exe","1536","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,8182546","SavService.exe","1536","QueryDirectory","C:\Windows\System32\win32k.sys","SUCCESS","Filter: win32k.sys, 1: win32k.sys"
"12:27:21,8186894","SavService.exe","1536","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:21,8191317","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:21,8213405","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,8214618","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8219437","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: DNCI"
"12:27:21,8220207","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:21,8221424","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:21,8222586","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,8229010","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,8232681","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,8236283","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,8243495","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8247534","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:21,8249489","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:21,8262747","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,8265971","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:21,8267603","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:21,8271974","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8273966","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,8276000","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,8277591","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,8277978","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:21,8280815","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,8294390","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,8297683","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:21,8299657","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8300893","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,8303682","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:21,8305311","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:21,8325776","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.067.008, Length: 4.096"
"12:27:21,8329718","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.063.808, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,8331355","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8338217","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:21,8341021","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:21,8344487","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 248, Length: 4.096"
"12:27:21,8367523","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8371931","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:21,8373891","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:21,8375001","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,8387764","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.080.206, Length: 4.096"
"12:27:21,8391021","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.080.192, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,8393675","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8396474","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8398475","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976316, endtime: 976316, seqnum: 0, connid: 0"
"12:27:21,8403840","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8409433","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:21,8411859","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:21,8412750","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8415195","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8417191","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976316, endtime: 976316, seqnum: 0, connid: 0"
"12:27:21,8417466","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:27:21,8429236","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8430869","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976316, endtime: 976316, seqnum: 0, connid: 0"
"12:27:21,8440087","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8441645","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8442891","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976316, endtime: 976316, seqnum: 0, connid: 0"
"12:27:21,8444528","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.080.206, Length: 4.096"
"12:27:21,8445713","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8450966","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:21,8453699","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:21,8475522","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,8481144","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8481960","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.054.592, Length: 4.096"
"12:27:21,8485198","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.051.520, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,8486868","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:21,8488505","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:21,8495302","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8500070","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,8503634","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.058.688, Length: 4.096"
"12:27:21,8506922","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8507594","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.059.712, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,8512936","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:21,8514970","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:21,8525410","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: ANCI"
"12:27:21,8537800","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:21,8560924","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.079.168, Length: 4.096"
"12:27:21,8564559","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.076.096, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,8584730","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:21,8588789","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.083.264, Length: 4.096"
"12:27:21,8594788","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 2.779.648, Length: 4.096"
"12:27:21,8599224","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 2.777.088, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,8614334","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.085.312, Length: 4.096"
"12:27:21,8617987","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.088.384, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,8637720","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:21,8639343","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:27:21,8655983","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.089.408, Length: 4.096"
"12:27:21,8658880","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:21,8659650","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.092.480, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,8661698","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:21,8666885","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:27:21,8680759","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 2.781.696, Length: 4.096"
"12:27:21,8684374","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 2.785.280, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,8697017","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.091.456, Length: 4.096"
"12:27:21,8737975","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8738740","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.095.552, Length: 4.096"
"12:27:21,8740784","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8742318","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.096.576, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,8743186","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976316, endtime: 976316, seqnum: 0, connid: 0"
"12:27:21,8762285","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.111.424, Length: 4.096"
"12:27:21,8766693","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.108.864, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,8769030","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8771437","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8772664","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8773877","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8775062","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8776671","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976316, endtime: 976317, seqnum: 0, connid: 0"
"12:27:21,8785120","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,8787065","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976317, endtime: 976317, seqnum: 0, connid: 0"
"12:27:21,8789696","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.146.240, Length: 4.096"
"12:27:21,8798088","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.145.728, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,8817070","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,8827105","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.066.880, Length: 4.096"
"12:27:21,8862792","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 2.061.312, Length: 4.096"
"12:27:21,8866813","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 2.060.288, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,8905285","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 2.783.744, Length: 4.096"
"12:27:21,8910342","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.525.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,8913179","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.525.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,8915138","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.525.279, Length: 1.460"
"12:27:21,8917578","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.526.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,8941766","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.067.008, Length: 4.096"
"12:27:21,8944565","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,8952220","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 2.926.592, Length: 4.096"
"12:27:21,8955761","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 2.924.544, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,8960080","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.526.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,8962842","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.526.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,8964130","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.526.739, Length: 8.760"
"12:27:21,8975858","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.535.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,8977425","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.067.008, Length: 4.096"
"12:27:21,8996062","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.535.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,8999644","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.535.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9002089","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.535.499, Length: 2.920"
"12:27:21,9005658","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.538.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9036405","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.538.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9039199","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.538.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9040822","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.538.419, Length: 7.300"
"12:27:21,9044022","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.545.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9056338","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:21,9059557","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976317, endtime: 976317, seqnum: 0, connid: 0"
"12:27:21,9070664","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.545.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9073463","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.545.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9075096","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.545.719, Length: 1.460"
"12:27:21,9078483","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.547.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9087421","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.071.104, Length: 4.096"
"12:27:21,9090621","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.072.000, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,9104047","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 3.075.200, Length: 4.096"
"12:27:21,9110065","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.547.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9112528","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.547.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9114478","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.547.179, Length: 2.920"
"12:27:21,9122950","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.550.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9149428","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.550.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9151891","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.551.424, EndOfFile: 408.550.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9155857","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.550.099, Length: 5.840, Priority: Normal"
"12:27:21,9174316","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.555.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9180735","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.555.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9182718","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.555.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9183972","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.555.939, Length: 1.460"
"12:27:21,9186328","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.557.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9216138","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.557.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9219389","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.557.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9221824","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.557.399, Length: 2.920"
"12:27:21,9225435","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.560.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9267807","SavService.exe","1536","ReadFile","C:\Windows\System32\win32k.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,9270364","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.560.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9273498","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.560.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9275906","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.560.319, Length: 4.380"
"12:27:21,9279530","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.564.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9302454","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.564.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9305234","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.564.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9307609","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.564.699, Length: 2.920"
"12:27:21,9310473","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.567.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9334871","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.567.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9337661","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.567.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9339298","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.567.619, Length: 2.920"
"12:27:21,9342116","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.570.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9364625","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.570.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9367456","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.570.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9369821","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.570.539, Length: 2.920"
"12:27:21,9373409","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.573.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9396850","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.573.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9400121","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.573.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9402854","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.573.459, Length: 1.460"
"12:27:21,9406092","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.574.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9441042","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.574.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9444639","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.574.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9447050","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.574.919, Length: 1.460"
"12:27:21,9450619","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.576.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9479244","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.576.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9482775","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.576.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9484454","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.576.379, Length: 2.920"
"12:27:21,9487239","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.579.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9509347","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.579.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9511418","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.579.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9513023","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.579.299, Length: 7.300"
"12:27:21,9516186","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.586.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9544712","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.586.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9547581","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.586.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9548132","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:21,9549979","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.586.599, Length: 2.920"
"12:27:21,9551803","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:21,9553534","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.589.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9554551","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:21,9556599","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:21,9558581","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:21,9560541","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:21,9562574","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:21,9596298","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\win32k.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:21,9604723","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\win32k.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:21,9622767","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\win32k.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:21,9627968","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.900.346, Length: 16.200"
"12:27:21,9646871","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,9651289","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\win32k.sys.mui","SUCCESS","Filter: win32k.sys.mui, 1: win32k.sys.mui"
"12:27:21,9655674","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:21,9671693","SavService.exe","1536","CreateFile","C:\Windows\System32\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,9675360","SavService.exe","1536","QueryDirectory","C:\Windows\System32\de-DE\win32k.sys.mui","SUCCESS","Filter: win32k.sys.mui, 1: win32k.sys.mui"
"12:27:21,9678976","SavService.exe","1536","CloseFile","C:\Windows\System32\de-DE","SUCCESS",""
"12:27:21,9705431","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,9711421","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:21,9713441","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,9725126","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,9731191","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,9736416","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,9768534","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,9772859","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:21,9773829","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.589.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9774524","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:21,9777440","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.589.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9779893","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.589.519, Length: 8.760"
"12:27:21,9781307","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,9784409","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.598.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9784950","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:21,9788533","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:21,9800126","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.598.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9802948","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:21,9803256","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.598.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9805654","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.598.279, Length: 1.460"
"12:27:21,9806619","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:21,9808527","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.599.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:21,9810179","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:21,9940169","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\win32k.sys.mui","SUCCESS","Offset: 10.752, Length: 2.560"
"12:27:21,9945011","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\win32k.sys.mui","SUCCESS","Offset: 12.288, Length: 1.024, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:21,9966633","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\win32k.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,0148456","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\win32k.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:22,0154045","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\win32k.sys.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:22,0275181","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\win32k.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,0813303","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:22,0817674","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:22,0821313","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:22,0824531","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:22,0827293","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:22,0829350","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:22,0832093","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:22,0872819","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:22,0877624","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,0895705","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:22,0922417","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,0929695","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.195.970, Length: 16.200"
"12:27:22,0958412","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,0963562","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\Dxapi.sys","NO SUCH FILE","Filter: Dxapi.sys"
"12:27:22,0966445","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:22,0983603","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,0987303","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\Dxapi.sys","SUCCESS","Filter: Dxapi.sys, 1: dxapi.sys"
"12:27:22,0991301","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:22,1018115","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,1025005","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:22,1025542","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9936, User Time: 0.0156001, Kernel Time: 0.0624004"
"12:27:22,1027338","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:22,1038552","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,1043413","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:22,1047794","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:22,1077510","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,1081088","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:22,1082721","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:22,1088766","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,1092377","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:22,1095941","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:22,1109582","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,1113220","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:22,1116425","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:22,1143268","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 14.436, Length: 2.460"
"12:27:22,1148875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:22,1165342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 12.808, Length: 4.088"
"12:27:22,1182192","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,1223123","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 13.824, Length: 3.072"
"12:27:22,1229943","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 10.240, Length: 4.096"
"12:27:22,1238406","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 15.360, Length: 1.536"
"12:27:22,1246392","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,1270076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 9.216, Length: 4.096"
"12:27:22,1321797","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 14.436, Length: 2.460"
"12:27:22,1326649","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,1339132","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 11.264, Length: 4.096"
"12:27:22,1345365","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:22,1349377","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:22,1351732","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:22,1354522","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:22,1356523","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:22,1358198","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:22,1359807","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:22,1362546","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:22,1364958","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:22,1366227","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:22,1367836","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:22,1369767","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:22,1460212","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 16.384, Length: 512"
"12:27:22,1548936","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\dxapi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,1999971","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:22,2004347","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:22,2006787","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:22,2009175","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:22,2010822","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:22,2012781","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:22,2014797","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:22,2054389","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:22,2059632","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,2094596","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:22,2121802","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,2127410","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.920.758, Length: 16.200"
"12:27:22,2148253","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,2152745","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\usbccgp.sys","NO SUCH FILE","Filter: usbccgp.sys"
"12:27:22,2155904","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:22,2171975","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,2175958","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Filter: usbccgp.sys, 1: usbccgp.sys"
"12:27:22,2179989","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:22,2206426","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,2211678","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:22,2213684","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:22,2220103","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,2228580","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:22,2233767","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:22,2265862","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,2269459","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:22,2271101","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:22,2277511","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,2281122","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:22,2284690","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:22,2298345","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,2301965","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:22,2305188","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:22,2332861","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 94.308, Length: 4.096"
"12:27:22,2338459","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:22,2354913","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 76.468, Length: 4.096"
"12:27:22,2371758","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,2411485","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:22,2415548","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 68.096, Length: 4.096"
"12:27:22,2440776","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 96.768, Length: 2.048"
"12:27:22,2449201","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,2510616","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 94.308, Length: 4.096"
"12:27:22,2513369","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,2523319","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 72.192, Length: 4.096"
"12:27:22,2532029","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 94.308, Length: 4.096"
"12:27:22,2539660","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,2545683","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:22,2551276","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:22,2556562","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:22,2562902","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:22,2569787","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:22,2576607","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:22,2583777","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:22,2590271","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:22,2597413","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:22,2604247","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:22,2611124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:22,2618672","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:22,2625557","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:22,2632718","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:22,2639944","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:22,2647151","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:22,2654046","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:22,2660880","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:22,2668069","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:22,2675249","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:22,2682130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:22,2689323","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:22,2696181","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:22,2703719","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 98.304, Length: 512"
"12:27:22,2721012","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 94.308, Length: 4.096"
"12:27:22,2727436","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,2732638","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:22,2738226","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:22,2743474","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:22,2749063","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:22,2754348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:22,2759937","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:22,2765502","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:22,2770793","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:22,2776367","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:22,2781634","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:22,2787209","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:22,2792032","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:22,2796464","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:22,2800877","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:22,2805309","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:22,2809717","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:22,2814121","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:22,2818898","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:22,2824118","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:22,2829320","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:22,2833775","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:22,2838188","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:22,2843361","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:22,2848190","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 98.304, Length: 512"
"12:27:22,2865441","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 94.308, Length: 4.096"
"12:27:22,2941266","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 98.404, Length: 412"
"12:27:22,3021508","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbccgp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,3024704","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 10048, User Time: 0.0000000, Kernel Time: 0.0156001"
"12:27:22,3461380","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:22,3465756","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:22,3468191","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:22,3470570","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:22,3472614","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:22,3474587","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:22,3476598","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:22,3511926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:22,3517542","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,3551336","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:22,3586160","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,3592537","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 643.038, Length: 16.200"
"12:27:22,3614654","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,3619832","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\usbvideo.sys","NO SUCH FILE","Filter: usbvideo.sys"
"12:27:22,3622687","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:22,3638720","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,3642704","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Filter: usbvideo.sys, 1: usbvideo.sys"
"12:27:22,3646730","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:22,3672444","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,3678014","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:22,3680024","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:22,3686089","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,3690031","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:22,3693268","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:22,3720526","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,3723796","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:22,3725751","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:22,3731806","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,3735407","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:22,3738649","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:22,3752201","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,3755826","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:22,3759049","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:22,3784366","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 179.680, Length: 4.096"
"12:27:22,3787926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 176.128, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,3803866","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:22,3821504","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 178.952, Length: 4.096"
"12:27:22,3838401","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,3880908","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 178.944, Length: 4.096"
"12:27:22,3886091","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:22,3888937","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 159.744, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,3920426","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 182.784, Length: 2.176"
"12:27:22,3925170","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 184.320, Length: 640, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,3953734","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,4013875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 179.680, Length: 4.096"
"12:27:22,4016674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,4025150","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 171.520, Length: 4.096"
"12:27:22,4028318","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 167.936, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,4041776","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 179.680, Length: 4.096"
"12:27:22,4143282","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 183.936, Length: 1.024"
"12:27:22,4220245","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\usbvideo.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,4627010","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:22,4629823","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:22,4632169","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:22,4635062","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:22,4638677","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:22,4679622","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:22,4684044","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:22,4686470","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:22,4688863","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:22,4690832","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:22,4693225","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:22,4695254","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:22,4737295","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:22,4742520","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,4759085","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:22,4781169","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,4787602","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 905.316, Length: 16.200"
"12:27:22,4809281","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,4814034","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\HIDPARSE.SYS","NO SUCH FILE","Filter: HIDPARSE.SYS"
"12:27:22,4817304","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:22,4841007","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,4845010","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\HIDPARSE.SYS","SUCCESS","Filter: HIDPARSE.SYS, 1: hidparse.sys"
"12:27:22,4849017","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:22,4875108","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,4880678","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:22,4882689","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:22,4888763","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,4892691","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:22,4895947","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:22,4939943","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,4943973","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:22,4945979","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:22,4952813","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,4956797","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:22,4960459","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:22,4974832","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,4978471","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:22,4981704","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:22,5006591","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 31.460, Length: 1.436"
"12:27:22,5011816","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:22,5043053","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,5083209","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 30.208, Length: 2.688"
"12:27:22,5094410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 16.512, Length: 4.096"
"12:27:22,5098846","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 31.744, Length: 1.152"
"12:27:22,5106474","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,5141363","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:22,5184263","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 31.460, Length: 1.436"
"12:27:22,5186651","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,5193891","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 17.408, Length: 4.096"
"12:27:22,5197497","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 31.460, Length: 1.436"
"12:27:22,5383486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\hidparse.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,5857347","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:22,5861308","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:22,5863356","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:22,5866150","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:22,5867186","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:22,5868166","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:22,5870181","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:22,5871198","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:22,5872126","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:22,5873647","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:22,5874557","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:22,5876035","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:22,5878009","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:22,5879655","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:22,5880295","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:22,5882440","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:22,5884250","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:22,5886704","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:22,5889107","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:22,5917330","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:22,5924146","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,5940627","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:22,5967306","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,5973674","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.289.930, Length: 16.200"
"12:27:22,5976911","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.297.856, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,6006963","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,6011432","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\monitor.sys","NO SUCH FILE","Filter: monitor.sys"
"12:27:22,6014614","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:22,6031086","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,6035051","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Filter: monitor.sys, 1: monitor.sys"
"12:27:22,6038732","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:22,6065943","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,6071177","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:22,6073188","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:22,6079233","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,6082853","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:22,6086390","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:22,6112103","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,6115317","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:22,6116950","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:22,6123775","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,6127386","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:22,6130931","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:22,6143830","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,6147436","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:22,6150631","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:22,6175916","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 4.692, Length: 4.096"
"12:27:22,6181504","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:22,6212359","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,6254535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 26.624, Length: 3.584"
"12:27:22,6258579","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 7.168, Length: 4.096"
"12:27:22,6272159","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 28.672, Length: 1.536"
"12:27:22,6279819","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,6284629","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:22,6339601","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,6348782","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 9.216, Length: 4.096"
"12:27:22,6351987","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 4.692, Length: 4.096"
"12:27:22,6549853","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\monitor.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,6997739","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:22,7001779","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:22,7004219","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:22,7006603","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:22,7008562","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:22,7010223","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:22,7012233","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:22,7049535","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:22,7054316","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,7089920","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 224, Length: 4.096"
"12:27:22,7114220","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,7121511","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.680.350, Length: 16.200"
"12:27:22,7145120","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,7149953","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\TSDDD.dll","NO SUCH FILE","Filter: TSDDD.dll"
"12:27:22,7153559","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:22,7169201","SavService.exe","1536","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,7173227","SavService.exe","1536","QueryDirectory","C:\Windows\System32\TSDDD.dll","SUCCESS","Filter: TSDDD.dll, 1: tsddd.dll"
"12:27:22,7177272","SavService.exe","1536","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:22,7203732","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,7208970","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:22,7210981","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:22,7217363","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,7221393","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:22,7224985","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:22,7251072","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,7254300","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:22,7256241","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:22,7262282","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,7265893","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:22,7269112","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:22,7282355","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,7285971","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:22,7289185","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:22,7315668","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 6.076, Length: 4.096"
"12:27:22,7322036","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 224, Length: 4.096"
"12:27:22,7351365","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,7391890","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 14.848, Length: 2.560"
"12:27:22,7395113","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 7.680, Length: 4.096"
"12:27:22,7401500","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 15.360, Length: 2.048"
"12:27:22,7409980","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,7414370","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 5.120, Length: 4.096"
"12:27:22,7424353","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 10160, User Time: 0.0156001, Kernel Time: 0.0156001"
"12:27:22,7446857","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:22,7476307","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,7479503","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,7481882","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976325, endtime: 976325, seqnum: 0, connid: 0"
"12:27:22,7490200","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 6.076, Length: 4.096"
"12:27:22,7494608","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,7503388","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 8.704, Length: 4.096"
"12:27:22,7507414","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 6.076, Length: 4.096"
"12:27:22,7510231","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,7512648","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,7514197","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,7515064","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,7516235","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,7518619","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,7520266","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976325, endtime: 976325, seqnum: 0, connid: 0"
"12:27:22,7561159","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.599.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,7563613","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.599.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,7565227","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.599.739, Length: 2.920"
"12:27:22,7568376","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.602.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,7622033","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 3.072, Length: 4.096"
"12:27:22,7626838","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 7.168, Length: 4.096"
"12:27:22,7648926","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 11.264, Length: 4.096"
"12:27:22,7667297","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.602.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,7670138","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.602.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,7671785","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.602.659, Length: 7.300"
"12:27:22,7678409","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.609.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,7701925","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.609.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,7704417","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.609.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,7706367","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.609.959, Length: 1.460"
"12:27:22,7708830","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.611.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,7753903","SavService.exe","1536","ReadFile","C:\Windows\System32\tsddd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,7834258","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,7837472","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976326, endtime: 976326, seqnum: 0, connid: 0"
"12:27:22,7857569","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,7859579","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,7860769","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,7861935","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,7862779","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,7864781","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,7866003","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976326, endtime: 976326, seqnum: 0, connid: 0"
"12:27:22,7931443","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.611.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,7934308","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.611.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,7936272","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.611.419, Length: 4.380"
"12:27:22,7939477","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.615.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,7982651","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.615.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,7985445","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.615.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,7987074","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.615.799, Length: 5.840"
"12:27:22,7990306","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.621.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8167105","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8170273","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8171523","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:27:22,8173520","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 976326, endtime: 976326, seqnum: 0, connid: 0"
"12:27:22,8198053","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8200857","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8202088","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8204033","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8204882","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8207262","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:27:22,8208484","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 976326, endtime: 976326, seqnum: 0, connid: 0"
"12:27:22,8229336","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8231748","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8232975","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8234151","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8235765","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976326, endtime: 976326, seqnum: 0, connid: 0"
"12:27:22,8257797","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.621.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8260606","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.621.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8269898","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.621.639, Length: 3.472"
"12:27:22,8273472","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.625.111, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8337443","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.625.111, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8341833","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.625.111, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8343503","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.625.111, Length: 8.208"
"12:27:22,8346708","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.633.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8372776","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.633.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8375523","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:22,8375953","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.633.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8377576","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.633.319, Length: 5.840"
"12:27:22,8379218","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:22,8380828","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.639.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8381630","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:22,8384018","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:22,8385996","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:22,8387638","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:22,8389649","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:22,8426139","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:22,8430948","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,8449160","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 232, Length: 4.096"
"12:27:22,8480402","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,8486098","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 25.980, Length: 16.200"
"12:27:22,8498917","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8501763","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8503774","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976326, endtime: 976326, seqnum: 0, connid: 0"
"12:27:22,8507697","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,8512152","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\cdd.dll","NO SUCH FILE","Filter: cdd.dll"
"12:27:22,8515725","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:22,8527439","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8529067","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8530238","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8531082","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8532249","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8534259","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8535482","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976326, endtime: 976326, seqnum: 0, connid: 0"
"12:27:22,8543146","SavService.exe","1536","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,8546743","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8548679","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8549551","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8550330","SavService.exe","1536","QueryDirectory","C:\Windows\System32\cdd.dll","SUCCESS","Filter: cdd.dll, 1: cdd.dll"
"12:27:22,8551109","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976326, endtime: 976326, seqnum: 0, connid: 0"
"12:27:22,8556357","SavService.exe","1536","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:22,8563490","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.639.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8567068","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.639.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8569051","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.639.159, Length: 2.920"
"12:27:22,8572270","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.642.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8595702","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,8601347","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:22,8603371","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:22,8606926","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.642.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8609739","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.642.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8612128","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.642.079, Length: 8.760"
"12:27:22,8612151","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,8616186","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.650.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8616960","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:22,8623748","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:22,8643075","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.650.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8645888","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.650.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8648263","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.650.839, Length: 4.380"
"12:27:22,8651836","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.655.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8655521","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,8659864","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:22,8661502","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:22,8667888","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,8671956","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:22,8675530","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:22,8689553","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:22,8693616","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:22,8696849","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:22,8727736","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 127.360, Length: 4.096"
"12:27:22,8731276","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 131.072, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,8746176","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 232, Length: 4.096"
"12:27:22,8776657","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,8802376","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 144.078, Length: 306"
"12:27:22,8806359","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 143.360, Length: 1.024, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,8818241","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8821427","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8823447","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976327, endtime: 976327, seqnum: 0, connid: 0"
"12:27:22,8835138","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,8840283","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8841617","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 138.752, Length: 4.096"
"12:27:22,8841930","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8843106","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8844267","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8845107","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,8845555","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 135.168, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,8846670","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976327, endtime: 976327, seqnum: 0, connid: 0"
"12:27:22,8859055","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 130.560, Length: 4.096"
"12:27:22,8874669","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 142.336, Length: 2.048"
"12:27:22,8896072","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.655.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8898885","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.655.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8905318","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.655.219, Length: 2.920"
"12:27:22,8905976","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,8908929","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.658.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8910757","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 125.952, Length: 4.096"
"12:27:22,8945614","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.658.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8946888","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:22,8948843","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.658.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8951679","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.658.139, Length: 7.300"
"12:27:22,8955677","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.665.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,8994205","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 127.360, Length: 4.096"
"12:27:22,8997419","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,9005037","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 134.656, Length: 4.096"
"12:27:22,9009016","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 127.360, Length: 4.096"
"12:27:22,9104551","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 132.608, Length: 4.096"
"12:27:22,9179891","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,9182680","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,9183912","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,9185101","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,9185955","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,9188754","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,9189944","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:22,9191185","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 10220, startime: 976327, endtime: 976327, seqnum: 0, connid: 0"
"12:27:22,9211202","SavService.exe","1536","ReadFile","C:\Windows\System32\cdd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,9249077","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.665.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,9251890","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.665.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,9253537","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.665.439, Length: 7.300"
"12:27:22,9257115","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.672.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,9287223","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.672.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,9290008","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.672.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,9292770","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.672.739, Length: 2.920"
"12:27:22,9295629","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.675.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:22,9703024","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:22,9707078","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:22,9712652","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:22,9715437","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:22,9717089","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:22,9726708","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:22,9730291","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:22,9769640","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:22,9775672","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:22,9793249","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 224, Length: 4.096"
"12:27:22,9824216","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:22,9831003","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.767.480, Length: 16.200"
"12:27:22,9841448","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:22,9847055","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:22,9852658","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:22,9857883","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:22,9863523","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:22,9869102","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:22,9874313","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:22,9879529","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:22,9884730","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:22,9889945","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:22,9894834","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:22,9900782","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:22,9906446","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:22,9912034","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:22,9917632","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:22,9925255","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:22,9932140","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:22,9939311","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:22,9946163","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:22,9952993","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:22,9959795","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:22,9966591","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:22,9972614","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:22,9977839","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:22,9983059","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:22,9988307","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:22,9993844","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:22,9996349","Windows7FirewallService.exe","2128","CreateFile","C:\SystemRoot\System32\smss.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:22,9999074","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:23,0003958","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:23,0009164","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:23,0014725","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:23,0022250","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:23,0032275","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:23,0034038","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\csrss.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0038353","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:23,0043932","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:23,0048458","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\csrss.exe","SUCCESS","CreationTime: 14.07.2009 01:19:49, LastAccessTime: 14.07.2009 01:19:49, LastWriteTime: 14.07.2009 03:39:02, ChangeTime: 11.05.2013 14:06:59, FileAttributes: A"
"12:27:23,0049185","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:23,0051284","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\csrss.exe","SUCCESS",""
"12:27:23,0054737","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:23,0059299","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0059966","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:23,0064916","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,0065196","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:23,0069366","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,0070420","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:23,0075645","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:23,0080861","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:23,0084593","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0086076","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:23,0090186","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,0091292","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:23,0094590","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,0099619","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:23,0105688","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:23,0109438","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0114659","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\csrss.exe","SUCCESS","Filter: csrss.exe, 1: csrss.exe"
"12:27:23,0116207","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:23,0121908","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,0124315","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:23,0131480","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:23,0139098","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:23,0145951","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:23,0151162","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wininit.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0152776","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:23,0159573","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:23,0164439","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wininit.exe","SUCCESS","CreationTime: 14.07.2009 01:52:37, LastAccessTime: 14.07.2009 01:52:37, LastWriteTime: 14.07.2009 03:39:52, ChangeTime: 06.09.2013 09:34:00, FileAttributes: A"
"12:27:23,0166426","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:23,0167228","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wininit.exe","SUCCESS",""
"12:27:23,0173582","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:23,0174832","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0180043","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,0180066","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:23,0184074","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,0187255","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:23,0194066","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:23,0198559","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0200863","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:23,0203779","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,0207697","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:23,0208192","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,0214545","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:23,0222154","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:23,0225765","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0229417","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:23,0231004","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wininit.exe","SUCCESS","Filter: wininit.exe, 1: wininit.exe"
"12:27:23,0235043","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,0236979","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:23,0244224","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:23,0251455","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:23,0258662","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:23,0262744","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\csrss.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0265511","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:23,0272699","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:23,0275928","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\csrss.exe","SUCCESS","CreationTime: 14.07.2009 01:19:49, LastAccessTime: 14.07.2009 01:19:49, LastWriteTime: 14.07.2009 03:39:02, ChangeTime: 11.05.2013 14:06:59, FileAttributes: A"
"12:27:23,0278349","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\csrss.exe","SUCCESS",""
"12:27:23,0279515","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:23,0285542","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0286372","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:23,0290417","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,0293557","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:23,0294429","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,0300409","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:23,0307253","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:23,0308825","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0313691","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,0314423","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:23,0317675","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,0321691","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:23,0328908","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:23,0334095","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0336073","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:23,0338970","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\csrss.exe","SUCCESS","Filter: csrss.exe, 1: csrss.exe"
"12:27:23,0342973","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:23,0343346","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,0350120","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:23,0356963","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:23,0363830","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:23,0370254","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\services.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0370986","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:23,0377834","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:23,0383092","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\services.exe","SUCCESS","CreationTime: 14.07.2009 01:19:46, LastAccessTime: 14.07.2009 01:19:46, LastWriteTime: 14.07.2009 03:39:37, ChangeTime: 11.05.2013 14:07:38, FileAttributes: A"
"12:27:23,0384664","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:23,0385872","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\services.exe","SUCCESS",""
"12:27:23,0391522","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:23,0393122","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0398286","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,0398706","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:23,0401948","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,0405517","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:23,0412743","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 364.544, Length: 3.072"
"12:27:23,0416003","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0422381","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,0423579","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 450.744, Length: 16.200"
"12:27:23,0426378","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,0431155","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,0440467","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0445304","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\services.exe","SUCCESS","Filter: services.exe, 1: services.exe"
"12:27:23,0449312","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,0455703","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 255.188, Length: 4.096"
"12:27:23,0462849","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 224, Length: 4.096"
"12:27:23,0476523","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\lsass.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0489001","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\lsass.exe","SUCCESS","CreationTime: 11.05.2013 14:10:27, LastAccessTime: 11.05.2013 14:10:27, LastWriteTime: 17.11.2011 08:33:55, ChangeTime: 11.05.2013 14:55:06, FileAttributes: A"
"12:27:23,0491427","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\lsass.exe","SUCCESS",""
"12:27:23,0498565","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,0498621","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0503477","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,0507437","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,0523131","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0525841","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 271.906, Length: 4.096"
"12:27:23,0528346","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,0532321","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,0545537","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,0546381","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0550766","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:23,0551592","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\lsass.exe","SUCCESS","Filter: lsass.exe, 1: lsass.exe"
"12:27:23,0554773","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 269.824, Length: 4.096"
"12:27:23,0555632","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,0569575","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 361.472, Length: 4.096"
"12:27:23,0583323","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\lsm.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0585679","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,0595671","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 254.976, Length: 4.096"
"12:27:23,0596935","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\lsm.exe","SUCCESS","CreationTime: 21.11.2010 05:23:53, LastAccessTime: 21.11.2010 05:23:53, LastWriteTime: 21.11.2010 05:23:53, ChangeTime: 11.05.2013 14:07:12, FileAttributes: A"
"12:27:23,0599716","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\lsm.exe","SUCCESS",""
"12:27:23,0606928","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0611784","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,0615773","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,0627762","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:23,0636252","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0643446","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,0649081","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,0668739","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0674328","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\lsm.exe","SUCCESS","Filter: lsm.exe, 1: lsm.exe"
"12:27:23,0678372","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,0679100","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 255.188, Length: 4.096"
"12:27:23,0681913","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,0689526","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 309.760, Length: 4.096"
"12:27:23,0693198","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 255.188, Length: 4.096"
"12:27:23,0706050","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0720521","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:23,0724477","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:23,0733289","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0739372","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,0744998","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,0763434","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0769456","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,0775008","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,0795100","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0799145","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 259.284, Length: 4.096"
"12:27:23,0801566","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:23,0805568","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 263.380, Length: 4.096"
"12:27:23,0807136","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,0811199","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 267.476, Length: 4.096"
"12:27:23,0844890","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0861287","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:23,0864954","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:23,0875394","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0882210","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,0887780","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,0906206","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0912658","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,0918676","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,0938712","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,0945192","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:23,0950757","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,0976060","SavService.exe","1536","ReadFile","C:\Windows\System32\atmfd.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,0997943","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\atiesrxx.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1004736","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\atiesrxx.exe","SUCCESS","CreationTime: 29.09.2011 11:50:12, LastAccessTime: 11.05.2013 13:23:48, LastWriteTime: 29.09.2011 11:50:12, ChangeTime: 22.09.2013 09:54:10, FileAttributes: A"
"12:27:23,1007549","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\atiesrxx.exe","SUCCESS",""
"12:27:23,1015582","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1026176","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,1031835","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,1051498","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1057119","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,1061476","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,1077197","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1082735","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\atiesrxx.exe","SUCCESS","Filter: atiesrxx.exe, 1: atiesrxx.exe"
"12:27:23,1087619","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,1118072","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\winlogon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1134502","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\winlogon.exe","SUCCESS","CreationTime: 21.11.2010 05:24:29, LastAccessTime: 21.11.2010 05:24:29, LastWriteTime: 21.11.2010 05:24:29, ChangeTime: 11.05.2013 14:07:46, FileAttributes: A"
"12:27:23,1137763","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\winlogon.exe","SUCCESS",""
"12:27:23,1147802","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1154622","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,1160229","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,1177882","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1183443","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,1187123","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,1201967","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1207155","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\winlogon.exe","SUCCESS","Filter: winlogon.exe, 1: winlogon.exe"
"12:27:23,1211162","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,1279467","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1295132","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:23,1298351","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:23,1306776","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1312392","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,1317183","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,1337779","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1345425","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:23,1351000","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,1371638","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1378052","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:23,1383202","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,1434615","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1453038","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:23,1456224","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:23,1465871","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1471511","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,1476311","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,1492349","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1497598","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:23,1502384","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,1518847","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1525606","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:23,1530038","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,1560155","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1575037","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:23,1577789","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:23,1585048","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1590226","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,1594658","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,1606544","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,1609474","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1610924","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,1613360","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:23,1614684","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,1615753","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:23,1617735","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:23,1620138","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:23,1621136","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,1622195","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:23,1637146","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1642031","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:23,1646038","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,1657057","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:23,1661516","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,1674518","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1679551","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:23,1687771","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:23,1690561","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:23,1697768","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1703011","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,1707005","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,1707681","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,1713690","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.553.342, Length: 16.200"
"12:27:23,1723421","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1733334","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,1735354","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,1739739","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,1739790","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\luafv.sys","NO SUCH FILE","Filter: luafv.sys"
"12:27:23,1743000","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:23,1759822","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1760186","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,1763848","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Filter: luafv.sys, 1: luafv.sys"
"12:27:23,1765849","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:23,1767850","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:23,1771816","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,1794739","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,1800347","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:23,1802721","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,1803519","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM\stacsv64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1809173","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,1809504","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\IDT\WDM\stacsv64.exe","SUCCESS","CreationTime: 22.07.2013 21:33:32, LastAccessTime: 22.07.2013 21:33:32, LastWriteTime: 16.05.2013 03:14:56, ChangeTime: 22.07.2013 21:33:32, FileAttributes: N"
"12:27:23,1811939","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM\stacsv64.exe","SUCCESS",""
"12:27:23,1812802","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,1816366","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:23,1829223","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1835861","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT","SUCCESS","Filter: IDT, 1: IDT"
"12:27:23,1843825","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:23,1845280","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,1848891","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:23,1850519","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:23,1856914","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,1860549","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,1863940","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1864532","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:23,1870760","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM","SUCCESS","Filter: WDM, 1: WDM"
"12:27:23,1875131","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT","SUCCESS",""
"12:27:23,1879810","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,1883771","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:23,1886990","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,1891221","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1897197","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM\STacSV64.exe","SUCCESS","Filter: STacSV64.exe, 1: stacsv64.exe"
"12:27:23,1902384","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM","SUCCESS",""
"12:27:23,1913039","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 91.096, Length: 4.096"
"12:27:23,1918656","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:23,1927244","svchost.exe","1248","Thread Exit","","SUCCESS","Thread ID: 9480, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:27:23,1928009","svchost.exe","1248","Thread Exit","","SUCCESS","Thread ID: 8972, User Time: 0.0156001, Kernel Time: 0.0156001"
"12:27:23,1935338","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1935506","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 88.600, Length: 4.096"
"12:27:23,1949347","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:23,1952174","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:23,1952398","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,1959782","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1965450","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,1969793","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,1984297","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,1989498","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,1993473","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,1993683","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 89.600, Length: 4.096"
"12:27:23,1996962","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 93.696, Length: 4.096"
"12:27:23,2000965","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 91.648, Length: 4.096"
"12:27:23,2004515","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 7.168, Length: 4.096"
"12:27:23,2007963","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2013136","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:23,2017134","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,2047886","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 96.768, Length: 4.096"
"12:27:23,2051925","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 100.864, Length: 4.096"
"12:27:23,2058051","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\hpservice.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2061078","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,2064404","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\hpservice.exe","SUCCESS","CreationTime: 25.04.2012 14:02:52, LastAccessTime: 11.05.2013 13:48:04, LastWriteTime: 25.04.2012 14:02:52, ChangeTime: 11.05.2013 13:48:05, FileAttributes: A"
"12:27:23,2066863","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\hpservice.exe","SUCCESS",""
"12:27:23,2074490","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2080046","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,2084105","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,2098935","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2104141","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,2108148","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,2118910","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 91.096, Length: 4.096"
"12:27:23,2122073","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,2129691","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 22.016, Length: 4.096"
"12:27:23,2132537","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 91.096, Length: 4.096"
"12:27:23,2138219","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2143481","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS","CreationTime: 16.12.2012 13:25:38, LastAccessTime: 13.05.2013 10:47:49, LastWriteTime: 16.12.2012 13:25:38, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:23,2145888","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS",""
"12:27:23,2161119","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2166316","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS","Filter: SbieSvc.exe, 1: SbieSvc.exe"
"12:27:23,2170332","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie","SUCCESS",""
"12:27:23,2215261","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2222912","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe","SUCCESS","CreationTime: 03.08.2013 09:34:58, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 03.08.2013 09:34:58, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:23,2226126","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe","SUCCESS",""
"12:27:23,2230847","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 98.816, Length: 4.096"
"12:27:23,2242169","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2247356","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:23,2251373","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:23,2280646","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\atieclxx.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2285889","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\atieclxx.exe","SUCCESS","CreationTime: 29.09.2011 11:50:36, LastAccessTime: 11.05.2013 13:23:48, LastWriteTime: 29.09.2011 11:50:36, ChangeTime: 22.09.2013 09:54:10, FileAttributes: A"
"12:27:23,2288296","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\atieclxx.exe","SUCCESS",""
"12:27:23,2295159","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2300318","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,2304302","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,2318031","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2325243","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,2330808","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,2350448","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2352473","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\luafv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,2357315","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\atieclxx.exe","SUCCESS","Filter: atieclxx.exe, 1: atieclxx.exe"
"12:27:23,2363296","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,2399071","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2415875","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:23,2422168","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:23,2435062","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2442251","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,2447424","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,2464325","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2469956","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,2474346","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,2491154","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2496402","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:23,2500778","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,2541247","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wlanext.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2559319","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wlanext.exe","SUCCESS","CreationTime: 14.07.2009 02:07:15, LastAccessTime: 14.07.2009 02:07:15, LastWriteTime: 14.07.2009 03:39:54, ChangeTime: 11.05.2013 14:07:46, FileAttributes: A"
"12:27:23,2562514","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wlanext.exe","SUCCESS",""
"12:27:23,2570939","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2577349","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,2582187","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,2599806","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2605395","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,2609458","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,2627106","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2632335","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\WLANExt.exe","SUCCESS","Filter: WLANExt.exe, 1: wlanext.exe"
"12:27:23,2636720","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,2649176","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,2653225","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,2655968","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:23,2658030","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:23,2659999","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:23,2661646","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:23,2664001","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:23,2665224","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\conhost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2678080","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\conhost.exe","SUCCESS","CreationTime: 12.09.2013 20:28:20, LastAccessTime: 12.09.2013 20:28:20, LastWriteTime: 02.08.2013 03:09:17, ChangeTime: 12.09.2013 21:03:53, FileAttributes: A"
"12:27:23,2680511","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\conhost.exe","SUCCESS",""
"12:27:23,2687709","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2692882","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,2696162","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\luafv.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:23,2696913","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,2700939","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\luafv.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,2711328","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2716525","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,2718125","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\luafv.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:23,2721819","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,2737844","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2742149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\luafv.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,2743040","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\conhost.exe","SUCCESS","Filter: conhost.exe, 1: conhost.exe"
"12:27:23,2747099","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,2747794","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.253.454, Length: 16.200"
"12:27:23,2770685","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,2775467","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\luafv.sys.mui","NO SUCH FILE","Filter: luafv.sys.mui"
"12:27:23,2775570","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\spoolsv.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2778303","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:23,2788823","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\spoolsv.exe","SUCCESS","CreationTime: 11.05.2013 14:07:36, LastAccessTime: 11.05.2013 14:07:36, LastWriteTime: 11.02.2012 08:36:02, ChangeTime: 11.05.2013 14:55:02, FileAttributes: A"
"12:27:23,2791566","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\spoolsv.exe","SUCCESS",""
"12:27:23,2794766","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,2798764","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\luafv.sys.mui","SUCCESS","Filter: luafv.sys.mui, 1: luafv.sys.mui"
"12:27:23,2798801","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2802421","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:23,2803667","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,2807660","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,2833131","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2840595","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,2840726","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:23,2845586","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,2848619","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:23,2850671","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,2857888","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,2861905","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,2862763","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2865548","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:23,2869177","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\spoolsv.exe","SUCCESS","Filter: spoolsv.exe, 1: spoolsv.exe"
"12:27:23,2873609","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,2895147","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,2898427","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:23,2900363","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:23,2904156","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2906852","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,2910477","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,2914041","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:23,2918920","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:23,2924145","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:23,2929295","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,2932948","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:23,2935845","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2936512","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,2943869","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,2949467","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,2972731","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,2979915","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,2985187","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,3004812","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3011632","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:23,3017244","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,3045267","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\luafv.sys.mui","SUCCESS","Offset: 4.608, Length: 2.560"
"12:27:23,3057685","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\luafv.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,3069297","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3076891","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:46:52, ChangeTime: 05.08.2013 09:19:04, FileAttributes: ANCI"
"12:27:23,3080922","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS",""
"12:27:23,3118662","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3126317","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS","CreationTime: 10.05.2013 00:57:24, LastAccessTime: 30.06.2013 18:43:15, LastWriteTime: 10.05.2013 00:57:24, ChangeTime: 30.06.2013 18:43:15, FileAttributes: A"
"12:27:23,3130305","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS",""
"12:27:23,3150771","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3157213","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe","SUCCESS","Filter: Adobe, 1: Adobe"
"12:27:23,3162816","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files","SUCCESS",""
"12:27:23,3181672","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3188874","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe\ARM","SUCCESS","Filter: ARM, 1: ARM"
"12:27:23,3194118","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe","SUCCESS",""
"12:27:23,3213772","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe\ARM","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3221007","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0","SUCCESS","Filter: 1.0, 1: 1.0"
"12:27:23,3226558","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe\ARM","SUCCESS",""
"12:27:23,3245792","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3252612","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS","Filter: armsvc.exe, 1: armsvc.exe"
"12:27:23,3253419","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\luafv.sys.mui","SUCCESS","Offset: 4.096, Length: 3.072"
"12:27:23,3258234","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0","SUCCESS",""
"12:27:23,3313999","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Intel\iCLS Client\HeciServer.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3321692","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Intel\iCLS Client\HeciServer.exe","SUCCESS","CreationTime: 13.02.2013 12:46:48, LastAccessTime: 11.05.2013 13:22:57, LastWriteTime: 13.02.2013 12:46:48, ChangeTime: 15.05.2013 16:19:51, FileAttributes: ANCI"
"12:27:23,3325648","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Intel\iCLS Client\HeciServer.exe","SUCCESS",""
"12:27:23,3344545","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3351314","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:23,3356530","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:23,3385854","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\luafv.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,3414329","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3421928","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe","SUCCESS","CreationTime: 03.08.2013 09:35:05, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 03.08.2013 09:35:05, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:23,3425563","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe","SUCCESS",""
"12:27:23,3444876","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3452032","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:23,3457313","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:23,3491344","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3498183","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS","CreationTime: 25.07.2012 10:46:42, LastAccessTime: 15.06.2013 07:13:50, LastWriteTime: 25.07.2012 10:46:42, ChangeTime: 15.06.2013 07:13:50, FileAttributes: ANCI"
"12:27:23,3501807","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS",""
"12:27:23,3520691","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3527488","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Secunia","SUCCESS","Filter: Secunia, 1: Secunia"
"12:27:23,3532722","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:23,3551182","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Secunia","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3558002","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Secunia\PSI","SUCCESS","Filter: PSI, 1: PSI"
"12:27:23,3562811","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Secunia","SUCCESS",""
"12:27:23,3581224","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Secunia\PSI","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3587256","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS","Filter: sua.exe, 1: sua.exe"
"12:27:23,3591273","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Secunia\PSI","SUCCESS",""
"12:27:23,3623778","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\taskhost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3638217","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\taskhost.exe","SUCCESS","CreationTime: 11.05.2013 14:09:45, LastAccessTime: 11.05.2013 14:09:45, LastWriteTime: 23.11.2012 05:13:57, ChangeTime: 11.05.2013 14:55:03, FileAttributes: A"
"12:27:23,3640642","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\taskhost.exe","SUCCESS",""
"12:27:23,3647878","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3653443","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,3657446","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,3671926","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3677137","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,3681158","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,3696375","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3701572","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\taskhost.exe","SUCCESS","Filter: taskhost.exe, 1: taskhost.exe"
"12:27:23,3705598","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,3735332","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3738435","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:27:23,3741733","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS","CreationTime: 03.08.2013 09:35:27, LastAccessTime: 03.08.2013 09:36:29, LastWriteTime: 03.08.2013 09:35:27, ChangeTime: 03.08.2013 09:36:29, FileAttributes: A"
"12:27:23,3743202","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:27:23,3744168","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS",""
"12:27:23,3746808","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:27:23,3750065","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:27:23,3752481","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:27:23,3754869","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:23,3757673","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:23,3759744","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3760514","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:23,3763262","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:23,3765384","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:23,3765669","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:23,3768067","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:23,3769387","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:23,3770539","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:23,3772522","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:23,3774910","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:23,3776548","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:23,3778530","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:23,3780532","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3782160","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:23,3784516","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:23,3786540","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:23,3788957","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:23,3791079","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3791368","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:23,3793379","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:23,3795744","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:23,3796276","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS","Filter: ALsvc.exe, 1: ALsvc.exe"
"12:27:23,3797386","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:23,3799751","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:23,3800265","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS",""
"12:27:23,3801384","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:23,3803423","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:23,3805429","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3807421","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:23,3809772","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3817077","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3820291","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:23,3823095","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3825484","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:23,3828236","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3830275","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3831963","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\dwm.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3832299","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:23,3834664","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3836675","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:23,3838737","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3840715","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:23,3842744","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3844703","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:23,3847675","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\dwm.exe","SUCCESS","CreationTime: 14.07.2009 01:37:38, LastAccessTime: 14.07.2009 01:37:38, LastWriteTime: 14.07.2009 03:39:08, ChangeTime: 11.05.2013 14:07:03, FileAttributes: A"
"12:27:23,3848323","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3850367","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:23,3851267","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\dwm.exe","SUCCESS",""
"12:27:23,3852741","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3854766","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:23,3857164","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3859170","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3861176","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:23,3861250","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3863219","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3865215","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:23,3867581","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3868084","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,3869573","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:23,3871583","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3873230","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:23,3873318","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,3882051","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3884407","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:23,3886478","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3888470","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:23,3890840","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3892590","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3892842","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3894512","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:23,3896513","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3898230","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,3899298","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:23,3901682","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3902983","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,3904103","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:23,3906127","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3908063","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:23,3921060","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3923556","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3927908","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\Dwm.exe","SUCCESS","Filter: Dwm.exe, 1: dwm.exe"
"12:27:23,3928370","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:23,3933119","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3933469","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,3935536","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:27:23,3937971","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3943149","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,3947935","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3951537","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:23,3954741","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:23,3957177","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:23,3960190","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3961230","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:23,3963418","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:23,3965648","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:23,3966996","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3969385","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:23,3970430","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\explorer.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3972188","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3974227","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3976233","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:23,3978276","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,3980105","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\explorer.exe","SUCCESS","CreationTime: 11.05.2013 14:10:50, LastAccessTime: 11.05.2013 17:21:33, LastWriteTime: 25.02.2011 08:19:30, ChangeTime: 12.05.2013 08:15:45, FileAttributes: A"
"12:27:23,3981155","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:23,3983683","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\explorer.exe","SUCCESS",""
"12:27:23,3986771","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3990331","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:23,3992784","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:23,3994105","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,3994781","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:23,4000118","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,4001326","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:23,4004941","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,4006182","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,4023009","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4029018","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\Explorer.EXE","SUCCESS","Filter: Explorer.EXE, 1: explorer.exe"
"12:27:23,4033445","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,4038945","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 208, Length: 4.096"
"12:27:23,4070858","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,4076880","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.523.508, Length: 16.200"
"12:27:23,4080141","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.519.616, Length: 12.288, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,4091972","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4097616","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe","SUCCESS","CreationTime: 12.11.2012 18:00:09, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 12.11.2012 18:00:09, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:23,4100042","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe","SUCCESS",""
"12:27:23,4108309","SavService.exe","1536","CreateFile","C:\Program Files\Sandboxie","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,4113113","SavService.exe","1536","QueryDirectory","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Filter: SbieDrv.sys, 1: SbieDrv.sys"
"12:27:23,4116029","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4117513","SavService.exe","1536","CloseFile","C:\Program Files\Sandboxie","SUCCESS",""
"12:27:23,4126036","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:23,4132067","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:23,4146034","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,4151632","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:23,4153652","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,4160095","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,4164055","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,4167293","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:23,4179380","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4185379","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe","SUCCESS","CreationTime: 11.02.2012 08:55:04, LastAccessTime: 10.08.2013 18:00:11, LastWriteTime: 11.02.2012 08:55:04, ChangeTime: 10.08.2013 18:00:11, FileAttributes: ANCI"
"12:27:23,4187819","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe","SUCCESS",""
"12:27:23,4192549","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 177.648, Length: 4.096"
"12:27:23,4195773","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 176.128, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,4203810","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft SQL Server","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4209059","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Microsoft SQL Server\90","SUCCESS","Filter: 90, 1: 90"
"12:27:23,4211816","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 208, Length: 4.096"
"12:27:23,4213070","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft SQL Server","SUCCESS",""
"12:27:23,4231171","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft SQL Server\90","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4236722","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Microsoft SQL Server\90\Shared","SUCCESS","Filter: Shared, 1: Shared"
"12:27:23,4240351","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft SQL Server\90","SUCCESS",""
"12:27:23,4253754","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,4268826","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4281716","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:23,4284450","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:23,4291704","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4296919","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,4300898","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,4302713","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 193.024, Length: 9.608"
"12:27:23,4306347","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 192.512, Length: 10.120, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,4315341","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4320622","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,4324657","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 184.832, Length: 4.096"
"12:27:23,4325436","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,4329042","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 184.320, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,4341055","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4341633","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 188.928, Length: 4.096"
"12:27:23,4346270","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:23,4346494","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 186.880, Length: 4.096"
"12:27:23,4350063","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 141.312, Length: 4.096"
"12:27:23,4350277","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,4353277","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 139.264, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,4396419","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 193.024, Length: 4.096"
"12:27:23,4400044","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4405292","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe","SUCCESS","CreationTime: 03.08.2013 09:35:07, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 03.08.2013 09:35:07, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:23,4407708","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe","SUCCESS",""
"12:27:23,4410470","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,4415629","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 176.640, Length: 4.096"
"12:27:23,4428341","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4430870","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 193.024, Length: 4.096"
"12:27:23,4436020","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:23,4441599","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:23,4454563","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 197.120, Length: 5.512"
"12:27:23,4459424","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 208, Length: 4.096"
"12:27:23,4472561","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4478178","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS","CreationTime: 14.09.2012 15:09:22, LastAccessTime: 18.11.2012 10:45:57, LastWriteTime: 14.09.2012 15:09:22, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:23,4480930","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS",""
"12:27:23,4496194","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4501400","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Synaptics\SynTP","SUCCESS","Filter: SynTP, 1: SynTP"
"12:27:23,4503495","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,4505799","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics","SUCCESS",""
"12:27:23,4508747","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 4.096, Length: 57.728"
"12:27:23,4511929","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 61.824, Length: 61.440"
"12:27:23,4515162","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 123.264, Length: 61.440"
"12:27:23,4521105","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics\SynTP","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4527067","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS","Filter: SynTPEnh.exe, 1: SynTPEnh.exe"
"12:27:23,4531083","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics\SynTP","SUCCESS",""
"12:27:23,4534242","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 184.704, Length: 8.320"
"12:27:23,4568786","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4574015","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe","SUCCESS","CreationTime: 19.08.2009 16:31:40, LastAccessTime: 11.05.2013 13:45:36, LastWriteTime: 19.08.2009 16:31:40, ChangeTime: 15.05.2013 16:19:50, FileAttributes: ANCI"
"12:27:23,4576427","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe","SUCCESS",""
"12:27:23,4603666","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4608914","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS","CreationTime: 22.07.2013 21:33:32, LastAccessTime: 22.07.2013 21:33:32, LastWriteTime: 16.05.2013 03:14:56, ChangeTime: 22.07.2013 21:33:32, FileAttributes: N"
"12:27:23,4611303","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS",""
"12:27:23,4628064","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:23,4630187","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4630868","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:23,4633233","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:23,4636438","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:23,4638192","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT","SUCCESS","Filter: IDT, 1: IDT"
"12:27:23,4640062","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:23,4643431","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:23,4661419","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4666700","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM","SUCCESS","Filter: WDM, 1: WDM"
"12:27:23,4671061","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT","SUCCESS",""
"12:27:23,4686293","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4691527","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS","Filter: sttray64.exe, 1: sttray64.exe"
"12:27:23,4695548","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM","SUCCESS",""
"12:27:23,4709580","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 197.635, Length: 4.096"
"12:27:23,4742459","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4750530","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:49:08, ChangeTime: 05.08.2013 09:19:04, FileAttributes: ANCI"
"12:27:23,4754159","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS",""
"12:27:23,4773803","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 177.648, Length: 4.096"
"12:27:23,4776584","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,4784188","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 160.768, Length: 4.096"
"12:27:23,4787850","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 177.648, Length: 4.096"
"12:27:23,4796177","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\igfxpers.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4802577","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\igfxpers.exe","SUCCESS","CreationTime: 09.08.2011 09:03:00, LastAccessTime: 11.05.2013 13:23:49, LastWriteTime: 09.08.2011 09:03:00, ChangeTime: 22.09.2013 09:54:27, FileAttributes: A"
"12:27:23,4805045","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\igfxpers.exe","SUCCESS",""
"12:27:23,4813027","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4818298","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,4823084","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 193.024, Length: 4.096"
"12:27:23,4832186","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,4852674","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4859033","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:23,4863110","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,4878719","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4883949","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\igfxpers.exe","SUCCESS","Filter: igfxpers.exe, 1: igfxpers.exe"
"12:27:23,4888324","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,4892896","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 178.688, Length: 4.096"
"12:27:23,4897365","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 182.784, Length: 4.096"
"12:27:23,4921231","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4936094","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","CreationTime: 21.11.2010 05:24:15, LastAccessTime: 21.11.2010 05:24:15, LastWriteTime: 21.11.2010 05:24:15, ChangeTime: 11.05.2013 14:09:02, FileAttributes: A"
"12:27:23,4938870","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS",""
"12:27:23,4946119","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4951372","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,4955379","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,4970606","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4975826","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,4979814","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,4994267","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,4999449","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem","SUCCESS","Filter: wbem, 1: wbem"
"12:27:23,5003485","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,5018688","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5027183","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem\wmiprvse.exe","SUCCESS","Filter: wmiprvse.exe, 1: WmiPrvSE.exe"
"12:27:23,5031554","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem","SUCCESS",""
"12:27:23,5041350","SavService.exe","1536","ReadFile","C:\Program Files\Sandboxie\SbieDrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,5071323","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5089834","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:23,5092591","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:23,5099845","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5105056","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,5109044","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,5137557","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5143145","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,5147143","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,5162818","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5168462","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:23,5172474","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,5201360","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5207718","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS","CreationTime: 16.09.2011 14:39:24, LastAccessTime: 11.05.2013 13:36:02, LastWriteTime: 16.09.2011 14:39:24, ChangeTime: 11.05.2013 13:36:02, FileAttributes: A"
"12:27:23,5210130","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS",""
"12:27:23,5263031","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5271461","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS","Filter: nusb3mon.exe, 1: nusb3mon.exe"
"12:27:23,5278272","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application","SUCCESS",""
"12:27:23,5318442","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5327166","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,5330734","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:23,5331593","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS","CreationTime: 03.08.2013 09:35:27, LastAccessTime: 03.08.2013 09:36:30, LastWriteTime: 03.08.2013 09:35:27, ChangeTime: 03.08.2013 09:36:30, FileAttributes: A"
"12:27:23,5334378","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:23,5335171","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS",""
"12:27:23,5337974","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:23,5340409","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:23,5342775","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,5344776","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:23,5346824","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:23,5349222","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:23,5351232","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:23,5353215","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,5354829","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5354876","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:23,5357208","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:23,5359247","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:23,5360474","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:23,5361243","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:23,5362885","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,5364887","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:23,5366039","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:23,5367289","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:23,5369314","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:23,5371292","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:23,5388543","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5393772","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS","Filter: ALMon.exe, 1: ALMon.exe"
"12:27:23,5398134","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS",""
"12:27:23,5429833","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5435450","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS","CreationTime: 05.11.2012 16:14:34, LastAccessTime: 11.05.2013 13:47:14, LastWriteTime: 05.11.2012 16:14:34, ChangeTime: 11.05.2013 13:47:14, FileAttributes: A"
"12:27:23,5437866","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS",""
"12:27:23,5453508","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Hewlett-Packard","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5458742","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Hewlett-Packard\Shared","SUCCESS","Filter: Shared, 1: Shared"
"12:27:23,5463136","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Hewlett-Packard","SUCCESS",""
"12:27:23,5478027","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Hewlett-Packard\Shared","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5483177","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS","Filter: hpqWmiEx.exe, 1: hpqWmiEx.exe"
"12:27:23,5486848","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Hewlett-Packard\Shared","SUCCESS",""
"12:27:23,5514922","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5530494","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","CreationTime: 21.11.2010 05:24:15, LastAccessTime: 21.11.2010 05:24:15, LastWriteTime: 21.11.2010 05:24:15, ChangeTime: 11.05.2013 14:09:02, FileAttributes: A"
"12:27:23,5532929","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS",""
"12:27:23,5539801","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5544970","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,5548963","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,5563019","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5567880","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,5571887","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,5586288","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5591139","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem","SUCCESS","Filter: wbem, 1: wbem"
"12:27:23,5595552","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,5610009","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5614828","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem\wmiprvse.exe","SUCCESS","Filter: wmiprvse.exe, 1: WmiPrvSE.exe"
"12:27:23,5619199","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem","SUCCESS",""
"12:27:23,5646891","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics\SynTP\SynTPHelper.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5652083","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Synaptics\SynTP\SynTPHelper.exe","SUCCESS","CreationTime: 14.09.2012 15:09:22, LastAccessTime: 18.11.2012 10:45:57, LastWriteTime: 14.09.2012 15:09:22, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:23,5654485","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics\SynTP\SynTPHelper.exe","SUCCESS",""
"12:27:23,5668961","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5673794","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Synaptics\SYNTP","SUCCESS","Filter: SYNTP, 1: SynTP"
"12:27:23,5677745","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics","SUCCESS",""
"12:27:23,5723154","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5728379","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe","SUCCESS","CreationTime: 23.04.2013 18:59:50, LastAccessTime: 22.07.2013 21:33:15, LastWriteTime: 23.04.2013 18:59:50, ChangeTime: 22.07.2013 21:33:15, FileAttributes: ANCI"
"12:27:23,5730781","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe","SUCCESS",""
"12:27:23,5745583","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5750785","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:23,5754773","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:23,5799725","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5804600","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe","SUCCESS","CreationTime: 23.04.2013 18:59:48, LastAccessTime: 22.07.2013 21:33:16, LastWriteTime: 23.04.2013 18:59:48, ChangeTime: 22.07.2013 21:33:16, FileAttributes: ANCI"
"12:27:23,5807012","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe","SUCCESS",""
"12:27:23,5823834","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5828672","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:23,5832660","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:23,5873558","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5883327","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS","CreationTime: 11.05.2013 13:36:13, LastAccessTime: 11.05.2013 13:36:13, LastWriteTime: 24.07.2012 20:00:08, ChangeTime: 11.05.2013 13:36:13, FileAttributes: ANCI"
"12:27:23,5887824","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS",""
"12:27:23,5915431","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5920959","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,5925354","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,5928111","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:23,5930191","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:23,5932179","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:23,5933312","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Realtek","SUCCESS","Filter: Realtek, 1: Realtek"
"12:27:23,5934147","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:23,5936167","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:23,5938518","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:23,5961829","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,5967423","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS","Filter: RIconMan.exe, 1: RIconMan.exe"
"12:27:23,5971458","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader","SUCCESS",""
"12:27:23,5972848","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:23,5979673","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,5998044","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:23,6013951","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6019596","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe","SUCCESS","CreationTime: 11.05.2013 13:23:00, LastAccessTime: 11.05.2013 13:23:00, LastWriteTime: 12.03.2013 13:20:32, ChangeTime: 11.05.2013 09:36:10, FileAttributes: A"
"12:27:23,6022792","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe","SUCCESS",""
"12:27:23,6025007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,6031039","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.777.064, Length: 16.200"
"12:27:23,6034599","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.789.376, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,6038387","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6043271","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:23,6047288","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:23,6064268","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,6069110","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\lltdio.sys","NO SUCH FILE","Filter: lltdio.sys"
"12:27:23,6070473","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6072716","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:23,6080176","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL","SUCCESS","Filter: DAL, 1: DAL"
"12:27:23,6085797","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS",""
"12:27:23,6089128","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,6093135","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Filter: lltdio.sys, 1: lltdio.sys"
"12:27:23,6097119","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:23,6121032","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6124087","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,6127843","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS","CreationTime: 11.05.2013 13:22:45, LastAccessTime: 11.05.2013 13:22:45, LastWriteTime: 12.03.2013 13:20:34, ChangeTime: 11.05.2013 09:36:10, FileAttributes: A"
"12:27:23,6130059","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:23,6130315","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS",""
"12:27:23,6132079","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,6138875","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,6143708","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,6147277","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:23,6152409","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6160778","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:23,6165615","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:23,6174203","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,6177441","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:23,6179391","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:23,6185446","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,6189071","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,6190862","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6192621","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:23,6196484","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS","SUCCESS","Filter: LMS, 1: LMS"
"12:27:23,6200500","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS",""
"12:27:23,6205921","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,6209867","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:23,6213082","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,6216174","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6223013","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS","Filter: LMS.exe, 1: LMS.exe"
"12:27:23,6228560","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS","SUCCESS",""
"12:27:23,6250668","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 54.604, Length: 4.096"
"12:27:23,6257898","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:23,6273106","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Internet Explorer\ielowutil.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6280332","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Internet Explorer\ielowutil.exe","SUCCESS","CreationTime: 11.05.2013 15:01:08, LastAccessTime: 11.05.2013 15:01:08, LastWriteTime: 11.05.2013 15:01:08, ChangeTime: 11.05.2013 15:05:08, FileAttributes: A"
"12:27:23,6283971","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Internet Explorer\ielowutil.exe","SUCCESS",""
"12:27:23,6284750","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 50.184, Length: 4.096"
"12:27:23,6307618","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,6334129","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6340959","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe","SUCCESS","CreationTime: 13.05.2013 16:08:26, LastAccessTime: 15.09.2013 13:17:55, LastWriteTime: 22.07.2013 00:25:30, ChangeTime: 15.09.2013 13:17:55, FileAttributes: ANCI"
"12:27:23,6344579","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe","SUCCESS",""
"12:27:23,6369434","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 54.272, Length: 4.096"
"12:27:23,6376273","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:23,6381838","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6395119","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 58.368, Length: 2.560"
"12:27:23,6398310","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:23,6401883","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:23,6412366","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6420767","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,6426417","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,6442063","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,6445655","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6452503","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,6458045","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,6481995","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6489991","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:23,6495594","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,6517879","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 54.604, Length: 4.096"
"12:27:23,6524965","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,6526943","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6532891","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS","CreationTime: 20.06.2012 18:14:18, LastAccessTime: 11.05.2013 14:43:43, LastWriteTime: 20.06.2012 18:14:18, ChangeTime: 11.05.2013 14:43:53, FileAttributes: A"
"12:27:23,6534229","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 41.472, Length: 4.096"
"12:27:23,6535344","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS",""
"12:27:23,6538199","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 54.604, Length: 4.096"
"12:27:23,6551009","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6556202","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Winamp","SUCCESS","Filter: Winamp, 1: Winamp"
"12:27:23,6560251","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:23,6575067","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Winamp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6579909","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS","Filter: winamp.exe, 1: winamp.exe"
"12:27:23,6583874","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Winamp","SUCCESS",""
"12:27:23,6611552","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6616786","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS","CreationTime: 01.10.2013 13:42:31, LastAccessTime: 01.10.2013 13:42:43, LastWriteTime: 01.10.2013 13:42:43, ChangeTime: 05.10.2013 09:23:33, FileAttributes: A"
"12:27:23,6621157","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS",""
"12:27:23,6636449","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Mozilla Firefox","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6637736","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 60.416, Length: 512"
"12:27:23,6641618","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS","Filter: firefox.exe, 1: firefox.exe"
"12:27:23,6645284","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Mozilla Firefox","SUCCESS",""
"12:27:23,6690232","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6695452","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe","SUCCESS","CreationTime: 06.11.2012 09:18:34, LastAccessTime: 11.05.2013 13:42:02, LastWriteTime: 06.11.2012 09:18:34, ChangeTime: 11.05.2013 13:42:02, FileAttributes: A"
"12:27:23,6697864","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe","SUCCESS",""
"12:27:23,6712652","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6717494","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:23,6723092","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:23,6737969","Windows7FirewallService.exe","2128","QueryOpen","D:\Progs\Firefox 19.0.2 portable\Firefox\firefox.exe","SUCCESS","CreationTime: 03.10.2013 16:41:28, LastAccessTime: 03.10.2013 16:41:43, LastWriteTime: 03.10.2013 16:41:43, ChangeTime: 03.10.2013 16:46:19, AllocationSize: 278.528, EndOfFile: 274.840, FileAttributes: ANCI"
"12:27:23,6742368","Windows7FirewallService.exe","2128","CreateFile","D:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6747182","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs","SUCCESS","Filter: Progs, 1: Progs"
"12:27:23,6750947","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\lltdio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,6751171","Windows7FirewallService.exe","2128","CloseFile","D:\","SUCCESS",""
"12:27:23,6765609","Windows7FirewallService.exe","2128","CreateFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6770442","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS","Filter: Firefox, 1: Firefox"
"12:27:23,6774421","Windows7FirewallService.exe","2128","CloseFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS",""
"12:27:23,6785281","Windows7FirewallService.exe","2128","CreateFile","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6790063","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs\Firefox 19.0.2 portable\Firefox\firefox.exe","SUCCESS","Filter: firefox.exe, 1: firefox.exe"
"12:27:23,6793692","Windows7FirewallService.exe","2128","CloseFile","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS",""
"12:27:23,6821029","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6826608","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS","CreationTime: 18.07.2012 20:47:26, LastAccessTime: 06.10.2013 10:27:28, LastWriteTime: 18.07.2012 20:47:26, ChangeTime: 06.10.2013 10:27:28, FileAttributes: A"
"12:27:23,6829020","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS",""
"12:27:23,6843836","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6848674","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Nuance","SUCCESS","Filter: Nuance, 1: Nuance"
"12:27:23,6852658","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files","SUCCESS",""
"12:27:23,6867147","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Nuance","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6871966","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS","Filter: dgnsvc.exe, 1: dgnsvc.exe"
"12:27:23,6875591","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Nuance","SUCCESS",""
"12:27:23,6904794","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\taskhost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6917287","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\taskhost.exe","SUCCESS","CreationTime: 11.05.2013 14:09:45, LastAccessTime: 11.05.2013 14:09:45, LastWriteTime: 23.11.2012 05:13:57, ChangeTime: 11.05.2013 14:55:03, FileAttributes: A"
"12:27:23,6920510","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\taskhost.exe","SUCCESS",""
"12:27:23,6927704","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6932910","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,6936912","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,6950940","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6955777","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,6959444","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,6974647","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,6979504","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\taskhost.exe","SUCCESS","Filter: taskhost.exe, 1: taskhost.exe"
"12:27:23,6983828","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,7011552","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7016782","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS","CreationTime: 16.12.2012 13:25:38, LastAccessTime: 13.05.2013 10:47:49, LastWriteTime: 16.12.2012 13:25:38, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:23,7020747","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS",""
"12:27:23,7036463","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7041292","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS","Filter: SbieCtrl.exe, 1: SbieCtrl.exe"
"12:27:23,7045243","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie","SUCCESS",""
"12:27:23,7060082","Windows7FirewallService.exe","2128","QueryOpen","D:\Progs\Firefox 19.0.2 portable\Firefox\plugin-container.exe","SUCCESS","CreationTime: 03.10.2013 16:41:29, LastAccessTime: 03.10.2013 16:41:42, LastWriteTime: 03.10.2013 16:41:42, ChangeTime: 03.10.2013 16:41:42, AllocationSize: 20.480, EndOfFile: 17.816, FileAttributes: ANCI"
"12:27:23,7064528","Windows7FirewallService.exe","2128","CreateFile","D:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7069314","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs","SUCCESS","Filter: Progs, 1: Progs"
"12:27:23,7073741","Windows7FirewallService.exe","2128","CloseFile","D:\","SUCCESS",""
"12:27:23,7088189","Windows7FirewallService.exe","2128","CreateFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7093008","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS","Filter: Firefox, 1: Firefox"
"12:27:23,7097398","Windows7FirewallService.exe","2128","CloseFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS",""
"12:27:23,7137936","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7143157","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","CreationTime: 10.09.2013 18:54:10, LastAccessTime: 10.09.2013 18:54:10, LastWriteTime: 10.09.2013 18:54:10, ChangeTime: 10.09.2013 18:54:10, FileAttributes: A"
"12:27:23,7145564","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS",""
"12:27:23,7152757","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7157562","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,7161233","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,7175289","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7180416","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:23,7184064","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,7198110","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7202934","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed","SUCCESS","Filter: Macromed, 1: Macromed"
"12:27:23,7207324","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:23,7225004","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7229818","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed\Flash","SUCCESS","Filter: Flash, 1: Flash"
"12:27:23,7233420","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed","SUCCESS",""
"12:27:23,7284361","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7291611","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","CreationTime: 10.09.2013 18:54:10, LastAccessTime: 10.09.2013 18:54:10, LastWriteTime: 10.09.2013 18:54:10, ChangeTime: 10.09.2013 18:54:10, FileAttributes: A"
"12:27:23,7295291","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS",""
"12:27:23,7305685","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7310033","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,7312921","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,7314063","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,7316825","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:23,7317744","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,7319666","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:23,7321658","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:23,7323627","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:23,7325665","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:23,7345254","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7351341","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:23,7356118","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,7359370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:23,7364147","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,7371797","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7377349","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed","SUCCESS","Filter: Macromed, 1: Macromed"
"12:27:23,7381622","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:23,7382639","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:23,7397875","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7403076","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed\Flash","SUCCESS","Filter: Flash, 1: Flash"
"12:27:23,7406715","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed","SUCCESS",""
"12:27:23,7412924","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,7419343","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 174.372, Length: 16.200"
"12:27:23,7438372","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7441399","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,7444007","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS","CreationTime: 27.09.2013 20:28:05, LastAccessTime: 27.09.2013 20:28:05, LastWriteTime: 31.05.2013 15:54:54, ChangeTime: 27.09.2013 20:28:05, FileAttributes: A"
"12:27:23,7446190","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\nwifi.sys","NO SUCH FILE","Filter: nwifi.sys"
"12:27:23,7446764","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS",""
"12:27:23,7449045","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:23,7454013","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7459215","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:23,7463217","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,7465830","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,7469837","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Filter: nwifi.sys, 1: nwifi.sys"
"12:27:23,7473504","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:23,7478108","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7483277","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\Desktop","SUCCESS","Filter: Desktop, 1: Desktop"
"12:27:23,7486939","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:23,7500757","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,7502156","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\Desktop","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7506369","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:23,7507400","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS","Filter: Procmon.exe, 1: Procmon.exe"
"12:27:23,7508393","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,7511402","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\Desktop","SUCCESS",""
"12:27:23,7514836","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,7519197","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,7523620","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:23,7542261","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\taskmgr.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7551339","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,7554922","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:23,7555538","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\taskmgr.exe","SUCCESS","CreationTime: 21.11.2010 05:24:24, LastAccessTime: 21.11.2010 05:24:24, LastWriteTime: 21.11.2010 05:24:24, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:23,7556559","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:23,7558304","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\taskmgr.exe","SUCCESS",""
"12:27:23,7562974","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,7565549","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7566599","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,7575588","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:23,7575686","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,7581834","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,7605533","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,7610384","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7611504","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:23,7617036","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,7617648","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:23,7624015","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,7643258","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7648535","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\taskmgr.exe","SUCCESS","Filter: taskmgr.exe, 1: taskmgr.exe"
"12:27:23,7651236","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 264.996, Length: 4.096"
"12:27:23,7653312","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,7657986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 262.144, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,7674141","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:23,7685043","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7691028","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","CreationTime: 06.10.2013 12:25:43, LastAccessTime: 06.10.2013 12:25:43, LastWriteTime: 06.10.2013 12:25:47, ChangeTime: 06.10.2013 12:25:47, FileAttributes: HA"
"12:27:23,7691742","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 263.096, Length: 4.096"
"12:27:23,7693473","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS",""
"12:27:23,7701039","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7705905","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:23,7708610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,7710267","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,7725498","Windows7FirewallService.exe","2128","CreateFile","C:\Users","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7730368","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\WONDER~1","SUCCESS","Filter: WONDER~1, 1: wonderwall"
"12:27:23,7734343","Windows7FirewallService.exe","2128","CloseFile","C:\Users","SUCCESS",""
"12:27:23,7748799","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7749522","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 264.704, Length: 4.096"
"12:27:23,7753996","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:23,7754729","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 230.912, Length: 4.096"
"12:27:23,7757957","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 229.376, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,7757999","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:23,7772479","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7777657","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\AppData\Local","SUCCESS","Filter: Local, 1: Local"
"12:27:23,7781058","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 268.800, Length: 4.096"
"12:27:23,7781286","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:23,7784692","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 270.336, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,7795743","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\AppData\Local","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7800600","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\AppData\Local\Temp","SUCCESS","Filter: Temp, 1: Temp"
"12:27:23,7804565","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\AppData\Local","SUCCESS",""
"12:27:23,7830637","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 280.064, Length: 4.096"
"12:27:23,7834607","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 278.528, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,7838759","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7846984","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 314.880, Length: 4.096"
"12:27:23,7850599","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 311.296, Length: 7.680, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,7856444","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:23,7859295","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:23,7867332","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7869539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,7873276","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,7877707","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:23,7893386","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7898625","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:23,7902992","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,7917868","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,7930254","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:23,7936248","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:23,7936911","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 264.996, Length: 4.096"
"12:27:23,7939733","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,7947337","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 246.784, Length: 4.096"
"12:27:23,7950327","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,7950985","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 245.760, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,7954316","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,7957493","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,7961160","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,7963968","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,7964336","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 264.996, Length: 4.096"
"12:27:23,7967569","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:27:23,7970382","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046}"
"12:27:23,7973531","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS",""
"12:27:23,8011821","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,8016230","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:23,8019425","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8021804","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8024240","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8027389","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:23,8030281","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:27:23,8032660","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Query: Name"
"12:27:23,8035044","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8037899","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8040646","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {00020424-0000-0000-C000-000000000046}"
"12:27:23,8043058","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\ProxyStubClsid32","SUCCESS",""
"12:27:23,8047901","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,8050700","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:23,8052752","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8054739","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8057100","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8059535","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8062315","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:23,8063799","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 271.872, Length: 4.096"
"12:27:23,8064373","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8067186","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Wow6432Node\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8070255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 274.432, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,8073586","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Wow6432Node\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8078419","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:27:23,8083093","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 275.968, Length: 4.096"
"12:27:23,8084525","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,8091383","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:23,8094588","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8096944","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8099411","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8102588","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:23,8106176","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:27:23,8108559","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: Name"
"12:27:23,8110631","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8113864","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8116625","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {8564B5BD-BFC4-45C5-A755-25BA407305E7}"
"12:27:23,8121827","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: Name"
"12:27:23,8124243","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8127089","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8129487","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\Version","SUCCESS","Type: REG_SZ, Length: 8, Data: 1.0"
"12:27:23,8132262","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS",""
"12:27:23,8135486","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,8138290","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:23,8140328","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8142311","Windows7FirewallControl.exe","3436","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8144340","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8147097","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:23,8151543","Windows7FirewallControl.exe","3436","RegCloseKey","HKCU\Software\Classes","SUCCESS",""
"12:27:23,8154295","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: Name"
"12:27:23,8156726","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8159581","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8162380","Windows7FirewallControl.exe","3436","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Index: 0, Name: 1.0"
"12:27:23,8165155","Windows7FirewallControl.exe","3436","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NO MORE ENTRIES","Index: 1, Length: 288"
"12:27:23,8167189","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: Name"
"12:27:23,8169204","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8171994","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8174397","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8176435","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:23,8179169","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: Name"
"12:27:23,8181231","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8184035","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8186451","Windows7FirewallControl.exe","3436","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Index: 0, Name: 0"
"12:27:23,8188877","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: Name"
"12:27:23,8190892","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8193668","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8196056","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8197843","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\nwifi.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,8198104","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:23,8200493","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: Name"
"12:27:23,8202517","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8205279","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8207672","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8209706","Windows7FirewallControl.exe","3436","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:23,8212108","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Query: Name"
"12:27:23,8214128","Windows7FirewallControl.exe","3436","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8216895","Windows7FirewallControl.exe","3436","RegOpenKey","HKCU\Software\Classes\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8219717","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","BUFFER OVERFLOW","Length: 144"
"12:27:23,8221737","Windows7FirewallControl.exe","3436","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","SUCCESS","Type: REG_SZ, Length: 138, Data: C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe"
"12:27:23,8242244","Windows7FirewallControl.exe","3436","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,8249410","Windows7FirewallControl.exe","3436","QueryNetworkOpenInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:46:52, ChangeTime: 05.08.2013 09:19:04, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:23,8253077","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 0, Length: 64, Priority: Normal"
"12:27:23,8257452","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 232, Length: 4"
"12:27:23,8259855","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 236, Length: 20"
"12:27:23,8261893","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 496, Length: 40"
"12:27:23,8264286","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 536, Length: 40"
"12:27:23,8266320","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 576, Length: 40"
"12:27:23,8268653","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 616, Length: 40"
"12:27:23,8270668","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 656, Length: 40"
"12:27:23,8272725","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.864, Length: 16"
"12:27:23,8275109","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.880, Length: 8"
"12:27:23,8277153","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.768, Length: 2"
"12:27:23,8279513","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.888, Length: 8"
"12:27:23,8281542","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.786, Length: 2"
"12:27:23,8283548","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.788, Length: 14"
"12:27:23,8285927","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.960, Length: 16"
"12:27:23,8287952","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.976, Length: 8"
"12:27:23,8290317","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.192, Length: 16"
"12:27:23,8292318","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.208, Length: 8"
"12:27:23,8294329","Windows7FirewallControl.exe","3436","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.544, Length: 16"
"12:27:23,8296340","Windows7FirewallControl.exe","3436","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8298821","Windows7FirewallControl.exe","3436","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
"12:27:23,8301168","Windows7FirewallControl.exe","3436","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8305572","Windows7FirewallControl.exe","3436","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","SyncType: SyncTypeOther"
"12:27:23,8315177","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS",""
"12:27:23,8317248","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS",""
"12:27:23,8319665","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS",""
"12:27:23,8321657","Windows7FirewallControl.exe","3436","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS",""
"12:27:23,8328855","Windows7FirewallControl.exe","3436","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS",""
"12:27:23,8342920","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8354237","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8357815","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,8361841","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8366949","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8371418","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8380272","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Wow6432Node\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\Forward","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8387475","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:27:23,8393143","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8395905","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8397971","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,8400780","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8410301","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,8413954","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:27:23,8416356","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\(Default)","SUCCESS","Type: REG_SZ, Length: 78, Data: {8564B5BD-BFC4-45C5-A755-25BA407305E7}"
"12:27:23,8418763","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib\Version","SUCCESS","Type: REG_SZ, Length: 8, Data: 1.0"
"12:27:23,8421175","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\Interface\{2A989990-552B-4039-8F65-10EC68FEDC34}\TypeLib","SUCCESS",""
"12:27:23,8424716","Windows7FirewallService.exe","2128","RegOpenKey","HKU\S-1-5-18_Classes","NAME NOT FOUND","Desired Access: Maximum Allowed"
"12:27:23,8427146","Windows7FirewallService.exe","2128","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8429553","Windows7FirewallService.exe","2128","RegOpenKey","HKCR","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,8432017","Windows7FirewallService.exe","2128","RegQueryKey","HKCR","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8434783","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,8437195","Windows7FirewallService.exe","2128","RegCloseKey","HKCR","SUCCESS",""
"12:27:23,8438604","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,8439215","Windows7FirewallService.exe","2128","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Index: 0, Name: 1.0"
"12:27:23,8441584","Windows7FirewallService.exe","2128","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","NO MORE ENTRIES","Index: 1, Length: 288"
"12:27:23,8441757","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,8443586","Windows7FirewallService.exe","2128","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8443768","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976336, endtime: 976336, seqnum: 0, connid: 0"
"12:27:23,8445606","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,8447985","Windows7FirewallService.exe","2128","RegEnumKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Index: 0, Name: 0"
"12:27:23,8450420","Windows7FirewallService.exe","2128","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8452435","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,8454814","Windows7FirewallService.exe","2128","RegQueryKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8456825","Windows7FirewallService.exe","2128","RegOpenKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,8458882","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","BUFFER OVERFLOW","Length: 144"
"12:27:23,8460888","Windows7FirewallService.exe","2128","RegQueryValue","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64\(Default)","SUCCESS","Type: REG_SZ, Length: 138, Data: C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe"
"12:27:23,8468697","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,8470657","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,8471921","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976336, endtime: 976336, seqnum: 0, connid: 0"
"12:27:23,8479730","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,8487544","Windows7FirewallService.exe","2128","QueryNetworkOpenInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:46:52, ChangeTime: 05.08.2013 09:19:04, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:23,8493091","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 0, Length: 64, Priority: Normal"
"12:27:23,8497975","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 232, Length: 4"
"12:27:23,8501212","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 236, Length: 20"
"12:27:23,8511657","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 496, Length: 40"
"12:27:23,8513369","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,8515641","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 536, Length: 40"
"12:27:23,8516262","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,8518893","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 576, Length: 40"
"12:27:23,8520218","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:23,8522093","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 616, Length: 40"
"12:27:23,8522266","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:23,8524626","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:23,8525321","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 656, Length: 40"
"12:27:23,8526250","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:23,8528246","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:23,8528857","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.864, Length: 16"
"12:27:23,8531712","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.880, Length: 8"
"12:27:23,8534922","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.768, Length: 2"
"12:27:23,8538089","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.888, Length: 8"
"12:27:23,8541285","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.786, Length: 2"
"12:27:23,8544144","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.788, Length: 14"
"12:27:23,8547368","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.960, Length: 16"
"12:27:23,8550195","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 740.976, Length: 8"
"12:27:23,8553726","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.192, Length: 16"
"12:27:23,8556931","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.208, Length: 8"
"12:27:23,8559805","Windows7FirewallService.exe","2128","ReadFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Offset: 741.544, Length: 16"
"12:27:23,8562753","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:23,8562972","Windows7FirewallService.exe","2128","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8566588","Windows7FirewallService.exe","2128","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: "
"12:27:23,8567166","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,8567404","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.675.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8569779","Windows7FirewallService.exe","2128","QueryStandardInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","AllocationSize: 782.336, EndOfFile: 778.752, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8575796","Windows7FirewallService.exe","2128","CreateFileMapping","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","SyncType: SyncTypeOther"
"12:27:23,8587823","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0\win64","SUCCESS",""
"12:27:23,8590701","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0\0","SUCCESS",""
"12:27:23,8593519","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}\1.0","SUCCESS",""
"12:27:23,8596649","Windows7FirewallService.exe","2128","RegCloseKey","HKCR\TypeLib\{8564B5BD-BFC4-45C5-A755-25BA407305E7}","SUCCESS",""
"12:27:23,8597283","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:23,8603465","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS",""
"12:27:23,8605083","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.675.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8607505","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.675.659, Length: 2.920"
"12:27:23,8610747","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.678.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8612762","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.678.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8615094","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.678.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8616377","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.678.579, Length: 2.920"
"12:27:23,8624807","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.681.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8626981","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,8632593","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.752.738, Length: 16.200"
"12:27:23,8651034","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,8655423","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\nwifi.sys.mui","NO SUCH FILE","Filter: nwifi.sys.mui"
"12:27:23,8658218","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:23,8673500","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,8677144","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Filter: nwifi.sys.mui, 1: nwifi.sys.mui"
"12:27:23,8681100","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:23,8706799","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,8712388","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:23,8714389","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,8721242","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,8724890","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,8728435","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:23,8754531","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,8756183","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,8757787","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:23,8759383","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976336, endtime: 976336, seqnum: 0, connid: 0"
"12:27:23,8759751","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:23,8765788","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,8769375","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:23,8772594","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:23,8777129","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,8779540","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,8781108","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,8782367","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,8784355","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976336, endtime: 976337, seqnum: 0, connid: 0"
"12:27:23,8785833","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,8789435","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:23,8792626","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:23,8824576","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.681.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8827851","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.682.496, EndOfFile: 408.681.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8835031","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.681.499, Length: 1.460, Priority: Normal"
"12:27:23,8853891","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","END OF FILE","Offset: 408.682.496, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:23,8858691","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.682.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8863123","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.682.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8865969","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.682.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8868357","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.682.959, Length: 2.920"
"12:27:23,8871525","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.685.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8897840","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.685.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8899408","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 14.848, Length: 2.560"
"12:27:23,8901446","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.685.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8903849","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.685.879, Length: 2.920"
"12:27:23,8907441","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.688.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:23,8908640","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,8995679","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:23,9001650","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:23,9006926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:23,9012137","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 16.384, Length: 1.024"
"12:27:23,9026132","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,9038215","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:23,9042978","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:23,9047386","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:23,9051790","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 16.384, Length: 1.024"
"12:27:23,9074975","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9082980","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:23,9083390","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9086231","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:23,9086553","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976337, endtime: 976337, seqnum: 0, connid: 0"
"12:27:23,9104285","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:23,9107662","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9110070","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9111660","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9113237","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9114833","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9115243","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 2.560, Length: 4.096"
"12:27:23,9117226","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976337, endtime: 976337, seqnum: 0, connid: 0"
"12:27:23,9120421","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 6.656, Length: 4.096"
"12:27:23,9124853","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 10.752, Length: 4.096"
"12:27:23,9154550","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9160988","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: ANCI"
"12:27:23,9163008","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:23,9169805","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9174605","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:23,9178272","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:23,9195071","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9200342","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:23,9204335","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:23,9220761","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9225967","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:23,9229186","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:23,9244478","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9249273","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:23,9252483","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:23,9257647","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\nwifi.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,9276162","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9280939","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: ANCI"
"12:27:23,9282577","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:23,9304609","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9308645","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: DNCI"
"12:27:23,9310277","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:23,9335524","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9339947","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:23,9341579","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:23,9364023","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9368053","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:23,9369994","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:23,9392908","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9398161","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:23,9400708","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9400918","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:23,9403955","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976337, endtime: 976337, seqnum: 0, connid: 0"
"12:27:23,9411998","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9414008","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976337, endtime: 976337, seqnum: 0, connid: 0"
"12:27:23,9426842","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9429244","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976337, endtime: 976337, seqnum: 0, connid: 0"
"12:27:23,9429496","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9435094","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:23,9438555","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:23,9445712","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9447666","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9448860","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9450120","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976337, endtime: 976337, seqnum: 0, connid: 0"
"12:27:23,9465501","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9470646","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:23,9472647","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:23,9495991","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9500395","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:23,9502354","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:23,9529686","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9535308","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:23,9538065","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:23,9569357","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9575035","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:23,9577810","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:23,9585848","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9591507","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:23,9601504","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9609500","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:23,9612355","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:23,9638698","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9646325","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:23,9649171","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:23,9656863","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:23,9660036","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7800000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:23,9663287","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:23,9675715","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9681756","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:23,9684975","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:23,9702986","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:23,9735431","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9738263","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9740614","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976337, endtime: 976337, seqnum: 0, connid: 0"
"12:27:23,9745718","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9752062","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: ANCI"
"12:27:23,9752664","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9754656","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976337, endtime: 976337, seqnum: 0, connid: 0"
"12:27:23,9754805","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:23,9763963","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9765950","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9767564","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:23,9769127","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976337, endtime: 976337, seqnum: 0, connid: 0"
"12:27:23,9770027","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:23,9774090","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:23,9790562","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9796160","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:23,9800531","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:23,9808947","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:23,9813789","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:23,9817358","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9818426","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:23,9823049","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:23,9823259","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:23,9825657","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:23,9827066","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:23,9827691","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:23,9830084","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:23,9842251","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9846682","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:23,9849854","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:23,9864209","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:23,9869018","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,9872788","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9877219","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: ANCI"
"12:27:23,9879165","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:23,9903236","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9903889","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:23,9908484","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: DNCI"
"12:27:23,9910485","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:23,9930615","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:23,9937029","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.495.346, Length: 16.200"
"12:27:23,9940267","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.506.752, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:23,9948034","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9953585","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:23,9955596","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:23,9968056","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,9972852","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\ndisuio.sys","NO SUCH FILE","Filter: ndisuio.sys"
"12:27:23,9976019","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:23,9980092","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:23,9984491","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:23,9986133","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:23,9992076","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:23,9995715","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Filter: ndisuio.sys, 1: ndisuio.sys"
"12:27:24,0000091","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:24,0008567","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0012607","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:24,0014240","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:24,0033809","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,0037448","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0041423","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:24,0041497","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:24,0043904","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:24,0044586","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:24,0053295","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0054153","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,0056108","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0058119","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976338, endtime: 976338, seqnum: 0, connid: 0"
"12:27:24,0059000","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:24,0063507","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:24,0065545","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0066511","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0068517","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976338, endtime: 976338, seqnum: 0, connid: 0"
"12:27:24,0069604","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:24,0071568","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:24,0086151","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0087783","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0088959","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0090219","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976338, endtime: 976338, seqnum: 0, connid: 0"
"12:27:24,0094412","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0098462","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:24,0099283","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,0100090","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:24,0103351","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:24,0105319","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:24,0112932","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,0117406","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:24,0122141","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0122225","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:24,0126153","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:24,0127786","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:24,0151503","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,0159079","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:24,0163585","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:24,0169771","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0175397","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:24,0177421","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:24,0183873","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0188678","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,0192466","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 48.752, Length: 4.096"
"12:27:24,0195862","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0198083","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:24,0201899","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:24,0203905","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,0215255","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 46.600, Length: 4.096"
"12:27:24,0221967","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0228363","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:24,0230822","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:24,0233364","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,0238831","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:24,0242041","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7800000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:24,0245610","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:24,0264881","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:27:24,0278475","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 48.640, Length: 4.096"
"12:27:24,0283690","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 29.184, Length: 4.096"
"12:27:24,0303829","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0310215","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: ANCI"
"12:27:24,0311050","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 51.712, Length: 4.096"
"12:27:24,0313010","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:24,0322606","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0324285","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,0328264","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:24,0333162","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,0350777","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0356361","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:24,0360756","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:24,0377256","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0382504","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:24,0384869","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 48.752, Length: 4.096"
"12:27:24,0386847","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:24,0387682","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,0395263","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 32.256, Length: 4.096"
"12:27:24,0398486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 48.752, Length: 4.096"
"12:27:24,0403679","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,0404154","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0409309","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:24,0410116","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:24,0414165","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:24,0414557","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:24,0421326","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:24,0426966","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:24,0432177","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:24,0437392","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:24,0442977","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:24,0448192","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:24,0453081","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:24,0455521","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0458282","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:24,0461529","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: ANCI"
"12:27:24,0463498","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:24,0464011","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:24,0468718","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:24,0471050","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0474279","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 53.248, Length: 3.584"
"12:27:24,0474302","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976338, endtime: 976338, seqnum: 0, connid: 0"
"12:27:24,0491129","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0491180","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 48.752, Length: 4.096"
"12:27:24,0492775","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0492887","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0493960","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0495122","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0495962","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0496004","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,0497571","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976338, endtime: 976338, seqnum: 0, connid: 0"
"12:27:24,0498513","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: DNCI"
"12:27:24,0500790","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:24,0501247","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:24,0505217","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:24,0509630","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:24,0514038","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:24,0519207","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:24,0527679","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:24,0532493","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0534093","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:24,0538464","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:24,0538926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:24,0540475","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:24,0543699","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:24,0548130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:24,0552548","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:24,0556984","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:24,0561724","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 53.248, Length: 3.584"
"12:27:24,0564948","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0569025","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:24,0573610","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:24,0586812","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 48.752, Length: 4.096"
"12:27:24,0604460","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:24,0609997","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:24,0613244","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:24,0616883","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:24,0620424","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0621627","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:24,0624482","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:24,0626040","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:24,0627286","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:24,0628051","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:24,0630925","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:24,0634531","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:24,0636929","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:24,0639681","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:24,0642135","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:24,0652080","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0656470","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:24,0658112","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:24,0676334","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 53.760, Length: 3.072"
"12:27:24,0679408","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0683770","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:24,0685393","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:24,0706689","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0710701","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:24,0712637","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:24,0734310","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0750834","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:24,0753693","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:24,0786558","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0791419","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:24,0794979","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:24,0803455","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0808451","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0809823","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,0812472","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976339, endtime: 976339, seqnum: 0, connid: 0"
"12:27:24,0815533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\ndisuio.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,0821056","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0828669","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:24,0831100","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,0832961","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0834972","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0836161","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0837328","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0838172","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,0839744","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976339, endtime: 976339, seqnum: 0, connid: 0"
"12:27:24,0850315","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,0862285","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:24,0867067","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:24,0869894","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:24,0882429","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,0885298","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:24,0890499","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:24,0933095","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9912, User Time: 0.0000000, Kernel Time: 0.0312002"
"12:27:24,0941138","taskmgr.exe","9948","Thread Exit","","SUCCESS","Thread ID: 9968, User Time: 0.0000000, Kernel Time: 0.0312002"
"12:27:24,1122681","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:24,1127080","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:24,1129510","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:24,1131890","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:24,1133863","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:24,1135169","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,1135930","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:24,1138271","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:24,1138817","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976339, endtime: 976339, seqnum: 0, connid: 0"
"12:27:24,1141252","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:24,1159222","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,1161704","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,1163672","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,1166042","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976339, endtime: 976339, seqnum: 0, connid: 0"
"12:27:24,1176021","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ndisuio.sys.mui","SUCCESS","Offset: 0, Length: 3.072, I/O Flags: Synchronous"
"12:27:24,1180835","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ndisuio.sys.mui","SUCCESS","Offset: 0, Length: 3.072, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:24,1182785","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1187636","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: DNCI"
"12:27:24,1189642","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:24,1196052","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1200848","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:24,1204860","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,1214087","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ndisuio.sys.mui","SUCCESS","Offset: 184, Length: 2.888"
"12:27:24,1227872","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1235476","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:24,1241526","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:24,1258311","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1263139","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:24,1264250","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\ndisuio.sys.mui","SUCCESS","Offset: 0, Length: 3.072"
"12:27:24,1266358","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:24,1276729","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 794.184, Length: 16.200"
"12:27:24,1280414","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1284855","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:24,1288386","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:24,1299601","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,1305582","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\ndisuio.sys.mui","NO SUCH FILE","Filter: ndisuio.sys.mui"
"12:27:24,1309621","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:24,1312504","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1316549","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: DNCI"
"12:27:24,1318933","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:24,1334117","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,1339337","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\ndisuio.sys.mui","SUCCESS","Filter: ndisuio.sys.mui, 1: ndisuio.sys.mui"
"12:27:24,1345309","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:24,1348896","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1355721","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: DNCI"
"12:27:24,1362107","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:24,1389402","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,1389813","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1394650","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:24,1396988","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:24,1397501","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:24,1400668","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:24,1408715","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,1413903","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:24,1419123","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:24,1422594","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1430622","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:24,1433813","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:24,1452053","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,1455669","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:24,1457637","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:24,1464089","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,1468068","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:24,1469202","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1472117","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:24,1475593","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:24,1478406","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:24,1488935","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,1492928","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:24,1496184","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:24,1508910","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1514508","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:24,1517275","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:24,1546160","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1551763","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:24,1554221","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:24,1578685","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1582724","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:24,1584674","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:24,1606381","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1610421","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:24,1612366","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:24,1634431","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1638462","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:24,1640090","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:24,1646066","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1650493","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,1657285","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1662543","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:24,1664544","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,1678189","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1683768","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:27:24,1686199","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:27:24,1695636","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:27:24,1701719","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:27:24,1706062","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:27:24,1708507","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:24,1717324","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1726588","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:24,1729369","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:24,1745449","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:24,1759425","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:24,1798163","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1802964","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:24,1804634","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:24,1810670","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1815433","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:24,1821904","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,1843218","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1849590","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:24,1854409","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:24,1872934","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1879283","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:24,1883370","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:24,1904614","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1910618","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:24,1915059","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:24,1948647","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1953452","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:24,1955430","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:24,1976716","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,1981106","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:24,1982739","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:24,2004781","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2008821","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:24,2010444","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:24,2034474","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2038901","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:24,2040543","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:24,2062618","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2066979","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:24,2068603","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:24,2090659","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2094680","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:24,2096308","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:24,2119549","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2127629","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:24,2130046","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:24,2158497","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2163349","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:24,2165318","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:24,2187854","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2192253","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:24,2193881","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:24,2199881","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2204648","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,2211487","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2217108","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:24,2221181","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,2245266","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2252073","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:27:24,2254872","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:27:24,2263329","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:27:24,2268913","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:24,2290979","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:27:24,2385384","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:24,2409820","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2414247","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: DNCI"
"12:27:24,2416225","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:24,2423035","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2427495","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:24,2431484","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,2437604","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:24,2441663","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:24,2444425","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:24,2445096","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2446818","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:24,2448469","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:24,2449537","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:24,2450447","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:24,2452472","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:24,2453120","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:24,2465977","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2470385","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:24,2473581","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:24,2486470","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2487748","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:24,2490883","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:24,2492577","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:24,2494074","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:24,2510668","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:24,2516947","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:24,2539049","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2539712","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,2543402","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: DNCI"
"12:27:24,2545039","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:24,2546821","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.046.930, Length: 16.200"
"12:27:24,2566675","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2570580","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,2571480","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:24,2573132","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:24,2575786","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\rspndr.sys","NO SUCH FILE","Filter: rspndr.sys"
"12:27:24,2578982","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:24,2595818","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,2596345","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2599816","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Filter: rspndr.sys, 1: rspndr.sys"
"12:27:24,2600399","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:24,2602032","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:24,2603804","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:24,2626462","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2630857","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:24,2632499","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:24,2633544","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,2639151","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:24,2641162","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:24,2647595","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,2651616","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:24,2654555","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2655185","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:24,2658567","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:24,2660181","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:24,2682204","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2682913","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,2686510","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:24,2687060","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:24,2688465","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:24,2689024","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:24,2694538","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,2698149","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:24,2702147","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:24,2710707","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2714724","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:24,2716175","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,2716361","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:24,2720196","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:24,2723424","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:24,2738049","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2742462","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:24,2744813","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:24,2749501","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 70.996, Length: 4.096"
"12:27:24,2755057","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:24,2766118","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2770107","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:24,2771520","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 68.616, Length: 4.096"
"12:27:24,2772094","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:24,2777711","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2782105","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,2788748","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,2791053","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,2800299","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:24,2802692","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,2821552","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:27:24,2829352","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 70.656, Length: 4.096"
"12:27:24,2834558","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 54.272, Length: 4.096"
"12:27:24,2869826","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 74.752, Length: 2.048"
"12:27:24,2878241","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,2903582","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:24,2906455","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:24,2916611","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,2919475","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,2922699","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:24,2932295","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:24,2934702","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:24,2937128","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:27:24,2943234","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 70.996, Length: 4.096"
"12:27:24,2945674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,2952905","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 59.392, Length: 4.096"
"12:27:24,2956124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 70.996, Length: 4.096"
"12:27:24,2960807","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:24,3002335","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3007910","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: ANCI"
"12:27:24,3009897","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:24,3016339","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3021937","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:24,3026001","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,3039660","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3044399","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:24,3047628","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:24,3048789","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 76.288, Length: 512"
"12:27:24,3060923","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3065289","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:24,3068135","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:24,3081351","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3085727","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:24,3088563","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:24,3111030","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3115457","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, FileAttributes: ANCI"
"12:27:24,3117850","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:24,3141138","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3145490","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: DNCI"
"12:27:24,3147127","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:24,3148662","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\rspndr.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,3167985","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3171996","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:24,3173625","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:24,3194836","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3198526","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:24,3200462","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:24,3224562","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3230589","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:24,3233029","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:24,3257898","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3262255","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:24,3263878","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:24,3285104","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3289130","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:24,3290758","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:24,3311671","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3315664","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:24,3317619","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:24,3340925","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3344942","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:24,3346570","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:24,3368566","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3372615","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:24,3374243","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:24,3380205","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3384287","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,3391079","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3396682","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:24,3398697","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,3406851","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes162.wohnheim.uni-kl.de:57293","SUCCESS","Length: 27, seqnum: 0, connid: 0"
"12:27:24,3414777","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3423183","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:24,3427158","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:24,3429593","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:24,3438270","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:24,3441881","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:27:24,3445851","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:24,3448272","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:21, LastWriteTime: 06.10.2013 12:27:21, ChangeTime: 06.10.2013 12:27:21, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:24,3480829","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:24,3522021","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3528053","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: ANCI"
"12:27:24,3530040","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:24,3536464","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3540933","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:24,3544940","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,3558562","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3562970","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:24,3566198","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:24,3579036","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3583403","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:24,3586239","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:24,3599114","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3603490","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:24,3606653","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:24,3637517","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3643446","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: ANCI"
"12:27:24,3645139","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:24,3668786","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3673181","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: DNCI"
"12:27:24,3674813","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:24,3696450","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3700480","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:24,3702104","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:24,3724524","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3728554","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:24,3730182","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:24,3751394","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3755425","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:24,3757043","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:24,3778316","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3782309","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:24,3783923","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:24,3804388","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3808386","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:24,3810000","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:24,3831679","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3835667","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:24,3837281","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:24,3858134","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3862132","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:24,3863746","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:24,3885023","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3889026","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:24,3890644","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:24,3896284","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3901066","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,3907881","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3913489","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:24,3915518","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,3930777","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,3938395","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:24,3942360","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:24,3944810","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:24,3953431","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:24,3957839","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: ANCI"
"12:27:24,3973476","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:27:24,4028360","svchost.exe","844","Thread Exit","","SUCCESS","Thread ID: 9620, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:27:24,4050798","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:24,4058323","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:24,4062363","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:24,4065908","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:24,4067980","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:24,4069944","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:24,4071586","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:24,4073741","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4074371","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:24,4078481","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: DNCI"
"12:27:24,4080137","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:24,4086952","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4091771","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:24,4095741","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,4108999","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4110077","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\http.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:24,4113445","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:24,4115297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\http.sys.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:24,4117046","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:24,4132641","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4137073","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:24,4140268","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:24,4148180","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\http.sys.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:24,4153176","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4157585","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:24,4160762","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:24,4174575","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\http.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,4181031","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.724.252, Length: 16.200"
"12:27:24,4183648","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:24,4202313","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,4206068","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4206749","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\HTTP.sys.mui","NO SUCH FILE","Filter: HTTP.sys.mui"
"12:27:24,4209917","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:24,4210122","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: DNCI"
"12:27:24,4212907","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:24,4227994","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,4232001","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\HTTP.sys.mui","SUCCESS","Filter: HTTP.sys.mui, 1: http.sys.mui"
"12:27:24,4235985","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:24,4245077","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4250288","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:24,4252298","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:24,4263312","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,4268948","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:24,4271294","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:24,4276328","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4277741","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,4280750","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:24,4281711","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:24,4282402","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:24,4284958","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:24,4304822","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4308875","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:24,4310863","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:24,4311856","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,4315439","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:24,4317081","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:24,4325898","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,4329929","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:24,4333525","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:24,4334094","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4338148","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:24,4339772","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:24,4347954","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,4351943","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:24,4355591","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:24,4370211","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4375445","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:24,4377437","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:24,4400711","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4404760","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:24,4406397","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:24,4406551","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes162.wohnheim.uni-kl.de:57293","SUCCESS","Length: 27, seqnum: 0, connid: 0"
"12:27:24,4438856","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4443755","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:24,4445747","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:24,4459480","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\http.sys.mui","SUCCESS","Offset: 41.472, Length: 2.560"
"12:27:24,4468745","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\http.sys.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,4470182","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4474581","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:24,4476214","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:24,4482199","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4486617","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,4493096","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4498690","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:24,4500691","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:24,4507936","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: ANCI"
"12:27:24,4519939","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:24,4566272","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:24,4608728","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:24,4610006","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:27:24,4626758","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:24,4627989","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:24,4630807","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:24,4634026","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:24,4637973","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:24,4638364","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:24,4643221","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:24,4654445","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:27:24,4907218","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.688.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,4910469","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.688.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,4912867","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.688.799, Length: 1.460"
"12:27:24,4916076","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.690.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,4939761","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.690.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,4942597","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.690.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,4944971","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.690.259, Length: 2.920"
"12:27:24,4948176","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.693.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,4984176","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.693.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,4988193","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.693.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,4990978","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.693.179, Length: 2.920"
"12:27:24,4994602","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.696.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5011812","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.696.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5014629","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.696.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5016281","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.696.099, Length: 1.460"
"12:27:24,5022229","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.697.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5045260","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.697.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5048455","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.697.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5050470","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.697.559, Length: 1.460"
"12:27:24,5054100","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.699.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5075382","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.699.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5078554","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.699.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5080597","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.699.019, Length: 1.460"
"12:27:24,5083405","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.700.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5108242","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.700.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5111092","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.700.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5113462","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.700.479, Length: 1.460"
"12:27:24,5116238","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.701.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5141037","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.701.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5143486","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.701.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5145524","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.701.939, Length: 4.380"
"12:27:24,5148706","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.706.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5175390","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.706.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5178184","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.706.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5180148","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.706.319, Length: 2.920"
"12:27:24,5182947","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.709.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5205750","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.709.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5208115","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.709.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5209729","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.709.239, Length: 1.460"
"12:27:24,5212085","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.710.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5240359","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.710.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5246027","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.710.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5248836","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.710.699, Length: 2.920"
"12:27:24,5252045","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.713.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5277147","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.713.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5279937","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.713.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5281565","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.713.619, Length: 2.920"
"12:27:24,5284388","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.716.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5291744","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:24,5295747","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:24,5298159","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:24,5300584","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:24,5302553","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:24,5304536","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:24,5304876","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.716.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5306556","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:24,5307689","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.716.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5309336","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.716.539, Length: 1.460"
"12:27:24,5312098","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.717.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5337517","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.717.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5340326","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.717.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5342299","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.717.999, Length: 2.920"
"12:27:24,5343848","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:24,5345126","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.720.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5348298","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:24,5366571","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.720.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5369771","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.720.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5371814","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.720.919, Length: 1.460"
"12:27:24,5375019","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.722.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5378718","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:24,5399370","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.722.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5402962","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.722.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5404782","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,5405365","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.722.379, Length: 8.760"
"12:27:24,5409372","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.731.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5410417","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.633.532, Length: 16.200"
"12:27:24,5431265","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,5435697","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\bowser.sys","NO SUCH FILE","Filter: bowser.sys"
"12:27:24,5438855","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:24,5448101","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.731.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5451716","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.731.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5454175","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.731.139, Length: 1.460"
"12:27:24,5455322","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,5458168","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.732.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5459339","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Filter: bowser.sys, 1: bowser.sys"
"12:27:24,5463332","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:24,5481209","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.732.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5483998","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.732.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5485659","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.732.599, Length: 7.300"
"12:27:24,5489214","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.739.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5490212","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,5495465","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:24,5497480","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:24,5503894","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,5507841","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:24,5509292","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.739.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5511102","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:24,5511354","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.739.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5512968","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.739.899, Length: 5.840"
"12:27:24,5516107","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.745.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,5538387","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,5541961","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:24,5543589","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:24,5549630","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,5553241","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:24,5556809","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:24,5570413","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,5574051","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:24,5577284","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:24,5603380","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 83.784, Length: 4.096"
"12:27:24,5608974","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:24,5627414","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 81.928, Length: 4.096"
"12:27:24,5644246","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,5685242","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 83.968, Length: 4.096"
"12:27:24,5688824","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 88.064, Length: 2.560"
"12:27:24,5691628","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:24,5694823","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 14.336, Length: 4.096"
"12:27:24,5726126","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 88.576, Length: 2.048"
"12:27:24,5734588","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,5738996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:24,5801535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,5809601","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:24,5812764","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 83.784, Length: 4.096"
"12:27:24,5817592","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,5823232","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:24,5828457","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:24,5834036","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:24,5839252","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:24,5844458","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:24,5849333","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:24,5854520","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:24,5860090","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:24,5865315","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:24,5870517","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:24,5875406","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:24,5880602","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:24,5885813","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:24,5891015","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:24,5896212","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:24,5901086","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:24,5906274","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:24,5911471","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:24,5916668","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:24,5922699","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:24,5931857","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:24,5940286","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 90.112, Length: 512"
"12:27:24,5958685","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 83.784, Length: 4.096"
"12:27:24,5965519","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,5971164","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:24,5976748","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:24,5981996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:24,5987548","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:24,5992810","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:24,5998058","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:24,6003618","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:24,6008857","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:24,6014115","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:24,6019727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:24,6024886","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:24,6029332","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:24,6033750","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:24,6038163","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:24,6042576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:24,6046989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:24,6051402","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:24,6055810","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:24,6060219","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:24,6064627","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:24,6069036","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:24,6073454","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 90.112, Length: 512"
"12:27:24,6090733","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 83.784, Length: 4.096"
"12:27:24,6167285","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 90.112, Length: 512"
"12:27:24,6280094","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\bowser.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,6733490","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:24,6737544","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:24,6742615","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:24,6746641","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:24,6749403","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:24,6751451","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:24,6754264","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:24,6794816","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:24,6799635","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:24,6839442","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:24,6872293","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,6878693","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 103.902, Length: 16.200"
"12:27:24,6902018","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,6907178","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\mrxsmb.sys","NO SUCH FILE","Filter: mrxsmb.sys"
"12:27:24,6910037","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:24,6927685","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,6931683","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Filter: mrxsmb.sys, 1: mrxsmb.sys"
"12:27:24,6935699","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:24,6962197","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,6967799","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:24,6969824","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:24,6976229","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,6980171","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:24,6983404","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:24,7009537","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,7013096","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:24,7014724","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:24,7021493","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,7025118","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:24,7028346","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:24,7041641","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,7045593","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:24,7048802","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:24,7074124","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 150.544, Length: 4.096"
"12:27:24,7077352","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 147.456, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:24,7092224","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:24,7109914","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 134.476, Length: 4.096"
"12:27:24,7113482","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 131.072, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:24,7142573","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,7156582","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 150.578, Length: 4.096"
"12:27:24,7166267","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:27:24,7180663","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 150.578, Length: 4.096"
"12:27:24,7192745","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,7198301","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 146.432, Length: 4.096"
"12:27:24,7201161","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 143.360, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:24,7238570","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 150.528, Length: 4.096"
"12:27:24,7263131","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 100.352, Length: 4.096"
"12:27:24,7284389","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 154.624, Length: 3.584"
"12:27:24,7289157","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 155.648, Length: 2.560, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:24,7343630","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,7366512","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 78.848, Length: 4.096"
"12:27:24,7393784","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:24,7427078","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 150.544, Length: 4.096"
"12:27:24,7429532","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,7437107","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 107.008, Length: 4.096"
"12:27:24,7440704","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 150.544, Length: 4.096"
"12:27:24,7445579","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,7451158","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:24,7456383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:24,7462000","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:24,7467229","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:24,7472459","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:24,7477670","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:24,7482871","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:24,7488087","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:24,7493297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:24,7498508","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:24,7503714","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:24,7508920","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:24,7514122","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:24,7519379","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:24,7528621","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:24,7534592","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:24,7539807","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:24,7545014","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:24,7549898","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:24,7555104","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:24,7560305","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:24,7565507","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:24,7570713","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:24,7575919","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:24,7581125","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:24,7586005","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:24,7594896","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:24,7601343","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:24,7606601","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:24,7611816","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:24,7617022","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:24,7629138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:24,7635552","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:24,7641122","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:24,7646342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:24,7653554","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:24,7658784","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:24,7663999","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 155.648, Length: 2.560"
"12:27:24,7680858","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 150.544, Length: 4.096"
"12:27:24,7686064","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,7690510","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:24,7694923","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:24,7699336","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:24,7703745","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:24,7708158","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:24,7712571","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:24,7716984","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:24,7723380","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:24,7727812","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:24,7732229","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:24,7736633","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:24,7741051","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:24,7745464","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:24,7749872","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:24,7754276","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:24,7758680","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:24,7763088","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:24,7767175","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:24,7771583","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:24,7775987","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:24,7780395","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:24,7784804","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:24,7789208","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:24,7793616","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:24,7798020","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:24,7802433","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:24,7806837","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:24,7811240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:24,7815644","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:24,7820505","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:24,7824946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:24,7829350","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:24,7833754","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:24,7838162","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:24,7842566","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:24,7846970","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:24,7851378","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:24,7855782","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 155.648, Length: 2.560"
"12:27:24,7873835","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 150.544, Length: 4.096"
"12:27:24,7959583","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 157.696, Length: 512"
"12:27:24,8083602","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,8535104","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,8538719","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976346, endtime: 976346, seqnum: 0, connid: 0"
"12:27:24,8558415","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,8560421","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,8561606","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,8562767","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,8563612","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,8565179","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976346, endtime: 976346, seqnum: 0, connid: 0"
"12:27:24,8610849","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.745.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,8613714","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.745.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,8615664","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.745.739, Length: 1.460"
"12:27:24,8620520","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.747.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,8667818","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:24,8671826","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:24,8674237","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:24,8676304","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:24,8678277","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:24,8680232","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:24,8682252","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.747.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,8682676","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:24,8685135","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.748.032, EndOfFile: 408.747.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,8689123","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.747.199, Length: 7.300, Priority: Normal"
"12:27:24,8707531","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.754.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,8728421","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:24,8741213","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:24,8779582","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:24,8813735","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,8821003","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.014.666, Length: 16.200"
"12:27:24,8843092","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,8847883","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\mrxsmb10.sys","NO SUCH FILE","Filter: mrxsmb10.sys"
"12:27:24,8851045","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:24,8858314","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,8861896","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976347, endtime: 976347, seqnum: 0, connid: 0"
"12:27:24,8867933","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,8871945","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Filter: mrxsmb10.sys, 1: mrxsmb10.sys"
"12:27:24,8875971","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:24,8883159","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,8885968","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,8887521","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,8888393","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,8889555","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,8891953","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,8893558","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976347, endtime: 976347, seqnum: 0, connid: 0"
"12:27:24,8902440","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,8907693","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:24,8909694","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:24,8916099","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,8922121","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:24,8925704","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:24,8952206","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,8955434","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:24,8957393","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:24,8963421","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,8967045","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:24,8970441","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.754.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,8970619","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:24,8974066","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.754.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,8976072","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.754.499, Length: 10.220"
"12:27:24,8979748","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.764.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,8983900","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:24,8987520","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:24,8990730","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:24,9019214","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 279.652, Length: 4.096"
"12:27:24,9023203","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 278.528, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:24,9039647","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:24,9070548","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,9112225","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 279.552, Length: 4.096"
"12:27:24,9115831","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 283.648, Length: 4.096"
"12:27:24,9119106","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 286.720, Length: 2.048, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:24,9132065","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 281.600, Length: 4.096"
"12:27:24,9136082","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 85.504, Length: 4.096"
"12:27:24,9156178","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 285.696, Length: 3.072"
"12:27:24,9183436","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9186580","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9188269","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976347, endtime: 976347, seqnum: 0, connid: 0"
"12:27:24,9198271","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,9204312","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9206248","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9207102","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9208268","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9209117","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9210680","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976347, endtime: 976347, seqnum: 0, connid: 0"
"12:27:24,9236738","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 87.552, Length: 4.096"
"12:27:24,9263096","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.764.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9267565","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.764.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9269538","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.764.719, Length: 2.920"
"12:27:24,9272351","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.767.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9274068","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 279.652, Length: 4.096"
"12:27:24,9276507","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,9283738","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:24,9287703","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 279.652, Length: 4.096"
"12:27:24,9292564","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,9298130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:24,9303340","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:24,9308621","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:24,9314173","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:24,9322588","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:24,9327878","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:24,9333089","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:24,9338295","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:24,9343506","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:24,9348712","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:24,9353937","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:24,9359143","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:24,9364354","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:24,9370815","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:24,9378806","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:24,9384031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:24,9389246","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:24,9394457","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:24,9399663","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:24,9404888","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:24,9405005","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.767.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9409026","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.767.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9410104","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:24,9411004","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.767.639, Length: 7.300"
"12:27:24,9414232","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.774.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9415319","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:24,9420544","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:24,9426105","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:24,9431311","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:24,9436195","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:24,9441396","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:24,9446598","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:24,9451813","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:24,9457010","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:24,9463037","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:24,9468621","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:24,9473529","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:24,9478740","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:24,9483937","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:24,9489138","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:24,9497414","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:24,9502233","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9503842","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:24,9505456","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976347, endtime: 976347, seqnum: 0, connid: 0"
"12:27:24,9509463","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:24,9514684","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:24,9521075","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:24,9524555","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9526304","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:24,9527330","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9528567","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9529752","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9531370","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976347, endtime: 976347, seqnum: 0, connid: 0"
"12:27:24,9531524","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:24,9536735","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:24,9541946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:24,9544568","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9546191","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9547441","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976347, endtime: 976347, seqnum: 0, connid: 0"
"12:27:24,9552624","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:24,9558609","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:24,9563871","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:24,9568289","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.774.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9569418","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:24,9571471","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.774.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9573117","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.774.939, Length: 1.460"
"12:27:24,9574722","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:24,9580087","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.776.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9581155","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:24,9586725","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:24,9591950","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:24,9597161","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:24,9602362","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:24,9607568","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:24,9612775","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:24,9621218","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.776.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9621778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:24,9624045","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.776.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9626466","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.776.399, Length: 2.920"
"12:27:24,9628244","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:24,9629685","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.779.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9634597","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:24,9642229","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:24,9647463","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:24,9652726","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:24,9657936","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:24,9661333","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.779.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9663152","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:24,9664132","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.779.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9665769","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.779.319, Length: 2.920"
"12:27:24,9668367","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:24,9672799","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.782.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9675006","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:24,9680594","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:24,9685800","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:24,9691007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 286.720, Length: 2.048"
"12:27:24,9696138","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.782.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9698932","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.782.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9700561","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.782.239, Length: 2.920"
"12:27:24,9703737","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.785.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9708281","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 279.652, Length: 4.096"
"12:27:24,9713473","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:24,9717919","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:24,9724375","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:24,9729110","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:24,9733206","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:24,9737610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:24,9747798","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:24,9753410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:24,9758192","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:24,9762614","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:24,9767032","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:24,9771445","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:24,9775858","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:24,9780267","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:24,9784675","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:24,9789084","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:24,9793497","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:24,9797910","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:24,9802323","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:24,9806731","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:24,9811140","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:24,9815543","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:24,9822018","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:24,9824360","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9826842","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:24,9827225","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976348, endtime: 976348, seqnum: 0, connid: 0"
"12:27:24,9831568","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:24,9836839","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:24,9843272","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:24,9850969","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:24,9855672","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9858098","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9859324","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:24,9860075","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976348, endtime: 976348, seqnum: 0, connid: 0"
"12:27:24,9864185","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:24,9868622","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:24,9873352","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:24,9874089","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9875731","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9876916","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9877770","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:24,9877802","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:24,9879361","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976348, endtime: 976348, seqnum: 0, connid: 0"
"12:27:24,9882211","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:24,9886619","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:24,9891028","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:24,9895884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:24,9896910","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.785.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9899723","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.785.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9900670","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:24,9901379","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.785.159, Length: 1.460"
"12:27:24,9904141","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.786.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9905097","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:24,9909510","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:24,9913919","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:24,9918696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:24,9923146","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:24,9927559","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:24,9931968","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:24,9936367","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:24,9940785","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:24,9941372","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.786.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9944181","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.786.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9945207","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:24,9946149","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.786.619, Length: 8.760"
"12:27:24,9949368","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.795.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:24,9949629","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:24,9954038","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:24,9958446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:24,9962845","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:24,9967245","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:24,9971331","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:24,9975735","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:24,9980139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:24,9984542","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:24,9988946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:24,9993355","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:24,9997754","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:25,0002153","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:25,0006239","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:25,0010643","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:25,0015037","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:25,0019856","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:25,0024279","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:25,0028683","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:25,0035573","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:25,0041185","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:25,0045952","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:25,0050384","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 286.720, Length: 2.048"
"12:27:25,0069277","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 279.652, Length: 4.096"
"12:27:25,0145084","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 287.744, Length: 1.024"
"12:27:25,0178093","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0180883","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0182889","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976348, endtime: 976348, seqnum: 0, connid: 0"
"12:27:25,0198908","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0200550","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0201721","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0202575","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0203732","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0204982","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976348, endtime: 976348, seqnum: 0, connid: 0"
"12:27:25,0252551","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.795.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,0255364","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.795.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,0257319","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.795.379, Length: 2.920"
"12:27:25,0260524","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.798.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,0279440","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb10.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,0301412","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.798.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,0304197","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.798.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,0305826","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.798.299, Length: 4.380"
"12:27:25,0309021","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.802.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,0400721","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.802.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,0403553","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.802.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,0405507","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.802.679, Length: 2.920"
"12:27:25,0410732","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.805.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,0608430","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0611616","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0613641","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976348, endtime: 976348, seqnum: 0, connid: 0"
"12:27:25,0637488","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0640259","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0641491","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0642708","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0643898","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0645829","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976348, endtime: 976348, seqnum: 0, connid: 0"
"12:27:25,0765906","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.805.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,0768761","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.805.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,0770725","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.805.599, Length: 10.220"
"12:27:25,0774369","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.815.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,0834221","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:25,0838582","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:25,0841008","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:25,0847259","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:25,0849657","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:25,0851677","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:25,0854033","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:25,0890149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:25,0894628","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,0929583","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:25,0933212","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 4.096, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,0947991","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0950454","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,0952446","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976349, endtime: 976349, seqnum: 0, connid: 0"
"12:27:25,0960721","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,0966749","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.134.248, Length: 16.200"
"12:27:25,0991231","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,0996026","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\mrxsmb20.sys","NO SUCH FILE","Filter: mrxsmb20.sys"
"12:27:25,0998876","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:25,1015279","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,1020961","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.815.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,1021306","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Filter: mrxsmb20.sys, 1: mrxsmb20.sys"
"12:27:25,1023839","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.815.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,1025691","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:25,1025812","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.815.819, Length: 2.920"
"12:27:25,1029045","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.818.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,1052202","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,1057464","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:25,1059801","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:25,1065885","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,1079110","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:25,1083112","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:25,1114802","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,1118398","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:25,1120400","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:25,1126464","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,1130080","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:25,1133630","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:25,1146930","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,1150881","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:25,1154095","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:25,1180569","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 119.396, Length: 4.096"
"12:27:25,1185850","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:25,1215892","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,1277489","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 119.296, Length: 4.096"
"12:27:25,1283092","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 123.392, Length: 4.096"
"12:27:25,1287141","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 104.448, Length: 4.096"
"12:27:25,1351107","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 125.440, Length: 2.560"
"12:27:25,1363773","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,1407167","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:25,1442891","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 119.396, Length: 4.096"
"12:27:25,1445727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,1456480","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 109.568, Length: 4.096"
"12:27:25,1462083","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 119.396, Length: 4.096"
"12:27:25,1468096","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,1478420","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:25,1486434","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:25,1494099","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:25,1501703","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:25,1508509","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:25,1513776","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:25,1523801","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:25,1531433","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:25,1538603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:25,1544173","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:25,1549402","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:25,1554613","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:25,1559852","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:25,1565063","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:25,1571109","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:25,1576343","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:25,1581880","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:25,1587110","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:25,1592325","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:25,1599626","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:25,1605298","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:25,1610906","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:25,1616886","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:25,1627219","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:25,1633648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:25,1638900","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:25,1644121","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:25,1649322","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:25,1654523","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:25,1659730","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:25,1664945","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 126.976, Length: 1.024"
"12:27:25,1680204","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 119.396, Length: 4.096"
"12:27:25,1685387","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,1689833","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:25,1694241","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:25,1698654","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:25,1703063","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:25,1707471","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:25,1711880","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:25,1716283","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:25,1721130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:25,1725553","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:25,1729961","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:25,1734370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:25,1739207","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:25,1743961","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:25,1748365","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:25,1752456","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:25,1756860","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:25,1761259","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:25,1765672","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:25,1770076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:25,1774493","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:25,1778897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:25,1783305","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:25,1787714","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:25,1792127","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:25,1796535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:25,1800935","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:25,1805338","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:25,1809747","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:25,1813833","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:25,1818587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:25,1823033","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 126.976, Length: 1.024"
"12:27:25,1839449","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 119.396, Length: 4.096"
"12:27:25,1912106","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 126.976, Length: 1.024"
"12:27:25,2028857","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\mrxsmb20.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,2489348","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:25,2493407","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:25,2495847","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:25,2498235","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:25,2500204","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:25,2501851","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:25,2504178","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:25,2538769","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:25,2543556","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,2583241","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:25,2602535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,2608889","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 280.644, Length: 16.200"
"12:27:25,2636958","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,2641432","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\npf.sys","NO SUCH FILE","Filter: npf.sys"
"12:27:25,2644259","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:25,2660675","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,2664654","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\npf.sys","SUCCESS","Filter: npf.sys, 1: npf.sys"
"12:27:25,2668303","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:25,2694772","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,2700034","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:25,2702366","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:25,2708445","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,2712429","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:25,2715671","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:25,2745714","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,2748956","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:25,2750910","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:25,2756970","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,2760576","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:25,2763790","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:25,2777067","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,2781000","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:25,2783887","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:25,2809895","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 24.584, Length: 4.096"
"12:27:25,2815147","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:25,2845670","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,2884539","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 28.672, Length: 7.928"
"12:27:25,2890599","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:25,2894546","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 20.992, Length: 4.096"
"12:27:25,2916611","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:25,2921831","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 26.624, Length: 4.096"
"12:27:25,2930727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,2946322","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:25,2967156","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 32.768, Length: 3.832"
"12:27:25,2973589","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:25,3017035","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,3023440","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 4.096, Length: 24.576"
"12:27:25,3067225","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 32.468, Length: 4.096"
"12:27:25,3139705","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 24.584, Length: 4.096"
"12:27:25,3142924","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,3150505","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 22.528, Length: 4.096"
"12:27:25,3187041","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:25,3258462","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 28.160, Length: 4.096"
"12:27:25,3332696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\npf.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,3824919","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:25,3828978","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:25,3831403","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:25,3833792","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:25,3835765","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:25,3837403","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:25,3839427","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:25,3874275","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:25,3881566","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,3899447","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:25,3934673","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,3941073","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.020.874, Length: 16.200"
"12:27:25,3962000","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,3966758","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\peauth.sys","NO SUCH FILE","Filter: peauth.sys"
"12:27:25,3969599","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:25,3985642","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,3989631","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\peauth.sys","SUCCESS","Filter: peauth.sys, 1: PEAuth.sys"
"12:27:25,3993302","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:25,4020168","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,4025761","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:25,4027772","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:25,4034182","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,4037797","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:25,4041412","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:25,4067840","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,4071058","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:25,4072687","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:25,4078714","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,4082306","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:25,4085525","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:25,4098419","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,4102356","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:25,4105570","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:25,4132049","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 634.708, Length: 4.096"
"12:27:25,4135641","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 630.784, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,4151898","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 240, Length: 4.096"
"12:27:25,4182781","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,4225713","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 633.344, Length: 4.096"
"12:27:25,4230555","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 33.280, Length: 4.096"
"12:27:25,4241769","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 636.928, Length: 4.096"
"12:27:25,4244652","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 638.976, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,4274205","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,4304495","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes026.wohnheim.uni-kl.de:59701","SUCCESS","Length: 28, seqnum: 0, connid: 0"
"12:27:25,4333161","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 634.708, Length: 4.096"
"12:27:25,4335988","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,4343224","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 44.032, Length: 4.096"
"12:27:25,4347203","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 634.708, Length: 4.096"
"12:27:25,4393377","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 48.128, Length: 4.096"
"12:27:25,4398966","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:25,4453938","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 638.976, Length: 4.096"
"12:27:25,4458753","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 643.072, Length: 4.096"
"12:27:25,4461962","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 643.072, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,4578373","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\PEAuth.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,4632888","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:25,4635705","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:25,4638061","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:25,4640939","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:25,4644536","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:25,5057841","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:25,5061881","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:25,5064312","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:25,5066695","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:25,5068645","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:25,5070278","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:25,5072298","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:25,5106366","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:25,5111176","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,5128535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:25,5148991","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,5154607","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 994.578, Length: 16.200"
"12:27:25,5175035","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,5179448","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\secdrv.SYS","NO SUCH FILE","Filter: secdrv.SYS"
"12:27:25,5182275","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:25,5198272","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,5201915","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\secdrv.SYS","SUCCESS","Filter: secdrv.SYS, 1: secdrv.sys"
"12:27:25,5205885","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:25,5242029","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,5248070","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:25,5250422","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:25,5256901","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,5260871","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:25,5264496","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:25,5282969","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes026.wohnheim.uni-kl.de:59701","SUCCESS","Length: 28, seqnum: 0, connid: 0"
"12:27:25,5291730","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,5294982","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:25,5296610","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:25,5302632","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,5306238","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:25,5309793","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:25,5323499","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,5327459","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:25,5330669","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:25,5356382","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 19.580, Length: 3.460"
"12:27:25,5361943","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:25,5391235","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,5432198","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 19.456, Length: 3.584"
"12:27:25,5435837","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 8.704, Length: 4.096"
"12:27:25,5452645","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 20.992, Length: 2.048"
"12:27:25,5461102","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,5523291","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 19.580, Length: 3.460"
"12:27:25,5526020","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,5532920","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 10.752, Length: 4.096"
"12:27:25,5536507","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 19.580, Length: 3.460"
"12:27:25,5709033","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\secdrv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,5926651","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:25,5929478","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:25,5932687","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:25,5935915","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:25,5938327","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:25,5940706","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:25,5942708","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:25,5945091","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:25,5947499","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:25,5949523","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:25,5952299","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:25,5954319","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:25,5956362","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:25,5958723","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:25,5960719","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:25,5962380","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:25,5964344","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:25,5966364","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:25,5968384","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:25,5970366","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:25,6204227","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:25,6208253","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:25,6210987","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:25,6213054","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:25,6215456","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:25,6219827","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:25,6221880","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:25,6264807","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:25,6269603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,6309824","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:25,6345199","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,6351660","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.337.532, Length: 16.200"
"12:27:25,6355621","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.343.488, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,6387842","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,6393020","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\srvnet.sys","NO SUCH FILE","Filter: srvnet.sys"
"12:27:25,6396201","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:25,6412319","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,6416317","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Filter: srvnet.sys, 1: srvnet.sys"
"12:27:25,6422311","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:25,6449611","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,6455204","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:25,6457220","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:25,6463592","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,6467287","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:25,6470841","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:25,6497306","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,6500553","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:25,6502186","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:25,6508203","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,6511805","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:25,6515028","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:25,6528669","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,6532615","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:25,6535825","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:25,6562350","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 159.852, Length: 4.096"
"12:27:25,6565923","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 159.744, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,6581360","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:25,6612280","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,6654773","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 155.136, Length: 4.096"
"12:27:25,6658379","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 151.552, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,6684382","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 159.232, Length: 4.096"
"12:27:25,6703238","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 163.328, Length: 4.096"
"12:27:25,6706499","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 96.768, Length: 4.096"
"12:27:25,6711677","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:25,6765194","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,6789232","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 52.224, Length: 4.096"
"12:27:25,6820511","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 98.816, Length: 4.096"
"12:27:25,6858214","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 159.852, Length: 4.096"
"12:27:25,6864302","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,6872661","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:25,6876337","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 159.852, Length: 4.096"
"12:27:25,6881525","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,6887113","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:25,6892343","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:25,6897563","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:25,6906417","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:25,6911968","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:25,6916862","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:25,6925623","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:25,6932508","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:25,6938167","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:25,6946592","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:25,6952587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:25,6957797","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:25,6963437","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:25,6968644","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:25,6974279","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:25,6979485","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:25,6987877","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:25,6993116","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:25,6998336","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:25,7003547","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:25,7008749","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:25,7013955","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:25,7023653","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:25,7029219","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:25,7034443","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:25,7039650","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:25,7044529","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:25,7049726","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:25,7055697","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:25,7060581","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:25,7069804","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:25,7077833","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:25,7083370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:25,7089015","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:25,7094225","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:25,7099870","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:25,7105076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:25,7113137","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:25,7120298","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:25,7131401","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:25,7137829","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 167.936, Length: 512"
"12:27:25,7152692","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 159.852, Length: 4.096"
"12:27:25,7157884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,7162344","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:25,7166761","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:25,7171170","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:25,7175578","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:25,7179996","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:25,7184404","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:25,7188813","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:25,7193226","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:25,7197639","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:25,7202043","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:25,7206456","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:25,7210864","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:25,7215273","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:25,7220092","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:25,7224509","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:25,7228913","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:25,7233322","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:25,7237735","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:25,7242148","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:25,7246556","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:25,7250979","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:25,7255392","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:25,7259814","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:25,7264223","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:25,7268636","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:25,7273049","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:25,7277467","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:25,7281884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:25,7286293","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:25,7290692","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:25,7295100","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:25,7299513","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:25,7303926","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:25,7308325","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:25,7312785","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:25,7317544","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:25,7323580","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:25,7328026","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:25,7332448","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:25,7336875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:25,7341610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 167.936, Length: 512"
"12:27:25,7358078","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 159.852, Length: 4.096"
"12:27:25,7435167","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 167.936, Length: 512"
"12:27:25,7560674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srvnet.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,8015927","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:25,8021137","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:25,8023587","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:25,8025975","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:25,8027622","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:25,8029581","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:25,8031592","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:25,8064932","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:25,8074146","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,8114078","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:25,8144051","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,8150489","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.391.478, Length: 16.200"
"12:27:25,8173384","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,8178180","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\tcpipreg.sys","NO SUCH FILE","Filter: tcpipreg.sys"
"12:27:25,8181343","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:25,8196653","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,8200619","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Filter: tcpipreg.sys, 1: tcpipreg.sys"
"12:27:25,8204649","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:25,8232751","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,8238326","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:25,8240341","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:25,8247586","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,8253940","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:25,8259183","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:25,8290849","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,8294460","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:25,8299451","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:25,8308702","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,8313554","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:25,8318704","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:25,8334005","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,8338003","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:25,8341572","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:25,8368087","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 38.500, Length: 4.096"
"12:27:25,8373681","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:25,8390125","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 9.276, Length: 4.096"
"12:27:25,8406984","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,8458267","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 38.400, Length: 4.096"
"12:27:25,8463823","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 27.136, Length: 4.096"
"12:27:25,8483471","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 40.448, Length: 4.096"
"12:27:25,8497126","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,8568496","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 38.500, Length: 4.096"
"12:27:25,8572064","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,8579295","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 31.744, Length: 4.096"
"12:27:25,8583270","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 38.500, Length: 4.096"
"12:27:25,8588135","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,8593719","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:25,8598949","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:25,8604552","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:25,8609762","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:25,8614964","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:25,8620622","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:25,8628707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:25,8635126","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:25,8640701","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:25,8645921","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:25,8651127","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 45.056, Length: 512"
"12:27:25,8665626","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 38.500, Length: 4.096"
"12:27:25,8670454","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,8675203","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:25,8679602","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:25,8683703","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:25,8688106","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:25,8692505","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:25,8696914","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:25,8701313","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:25,8705726","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:25,8710139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:25,8714548","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:25,8719404","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 45.056, Length: 512"
"12:27:25,8734574","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 38.500, Length: 4.096"
"12:27:25,8803234","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 42.596, Length: 2.972"
"12:27:25,8910314","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\tcpipreg.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,8976184","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,8979039","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,8980285","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,8981470","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,8982645","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,8985038","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,8986274","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976357, endtime: 976357, seqnum: 0, connid: 0"
"12:27:25,9076286","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.818.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9079518","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.818.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9081487","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.818.739, Length: 4.380"
"12:27:25,9085098","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.823.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9118742","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.823.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9121937","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.823.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9123925","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.823.119, Length: 4.380"
"12:27:25,9127120","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.827.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9336196","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9338972","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9340595","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:27:25,9342946","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 976357, endtime: 976357, seqnum: 0, connid: 0"
"12:27:25,9365362","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9367759","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9369005","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9370251","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9371804","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9374594","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:27:25,9376231","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 976357, endtime: 976357, seqnum: 0, connid: 0"
"12:27:25,9402980","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.827.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9406218","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.827.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9408625","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.827.499, Length: 3.472"
"12:27:25,9412254","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.830.971, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9451454","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.830.971, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9454258","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.830.971, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9456240","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.830.971, Length: 8.208"
"12:27:25,9460262","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.839.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9562178","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:25,9566535","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:25,9568966","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:25,9571326","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:25,9572987","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:25,9574960","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:25,9576975","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:25,9611884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:25,9616674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,9649446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:25,9668582","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9671400","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9673410","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976357, endtime: 976357, seqnum: 0, connid: 0"
"12:27:25,9685670","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,9689439","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9691063","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9692042","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 235.284, Length: 16.200"
"12:27:25,9692229","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9693078","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9694244","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9695494","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976357, endtime: 976357, seqnum: 0, connid: 0"
"12:27:25,9713688","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,9718563","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\srv2.sys","NO SUCH FILE","Filter: srv2.sys"
"12:27:25,9722145","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:25,9738188","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,9741113","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.839.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9742182","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Filter: srv2.sys, 1: srv2.sys"
"12:27:25,9743917","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.839.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9745554","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.839.179, Length: 2.920"
"12:27:25,9747448","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:25,9748358","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.842.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9773908","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,9779147","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:25,9781167","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:25,9787558","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,9791173","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:25,9794392","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:25,9833849","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,9837903","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:25,9839904","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:25,9846710","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,9850704","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:25,9854333","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:25,9869919","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:25,9872060","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.842.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9874742","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:25,9874864","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.842.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9876814","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.842.099, Length: 5.840"
"12:27:25,9878432","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:25,9881259","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.847.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9906847","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 305.772, Length: 4.096"
"12:27:25,9908466","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.847.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9910481","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 303.104, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,9911283","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.847.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9912916","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.847.939, Length: 1.460"
"12:27:25,9915673","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.849.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:25,9926794","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 224, Length: 4.096"
"12:27:25,9958106","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:25,9971564","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 371.214, Length: 4.096"
"12:27:25,9975604","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 368.640, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:25,9987094","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9990238","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:25,9992244","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976358, endtime: 976358, seqnum: 0, connid: 0"
"12:27:25,9995528","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 60, Length: 4.096"
"12:27:26,0004798","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 371.214, Length: 4.096"
"12:27:26,0005507","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,0007154","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,0008325","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,0009575","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976358, endtime: 976358, seqnum: 0, connid: 0"
"12:27:26,0027866","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,0036100","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 305.664, Length: 4.096"
"12:27:26,0041306","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 309.760, Length: 4.096"
"12:27:26,0044502","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 311.296, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:26,0057676","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 107.008, Length: 4.096"
"12:27:26,0063735","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.849.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,0066544","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.849.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,0068480","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.849.399, Length: 2.920"
"12:27:26,0074679","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.852.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,0077735","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 311.808, Length: 4.096"
"12:27:26,0080949","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 315.392, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:26,0134303","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 109.056, Length: 4.096"
"12:27:26,0144263","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 315.904, Length: 4.096"
"12:27:26,0147481","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 319.488, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:26,0163940","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.852.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,0169071","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,0170074","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.852.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,0174100","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.852.319, Length: 4.380"
"12:27:26,0177729","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.856.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,0231283","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 305.772, Length: 4.096"
"12:27:26,0234073","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,0241271","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 132.608, Length: 4.096"
"12:27:26,0244485","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 131.072, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:26,0258424","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 305.772, Length: 4.096"
"12:27:26,0264839","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,0270469","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:26,0275694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:26,0281316","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:26,0286858","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:26,0291756","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:26,0296967","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:26,0302168","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:26,0307370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:26,0312571","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:26,0318188","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:26,0323837","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:26,0329048","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:26,0334245","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:26,0339451","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:26,0344704","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:26,0350241","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:26,0355139","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:26,0360341","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:26,0365542","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:26,0370744","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:26,0375945","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:26,0381142","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:26,0386031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:26,0391218","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:26,0396415","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:26,0401617","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:26,0406496","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:26,0411693","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:26,0416899","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:26,0427633","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:26,0435671","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:26,0442468","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:26,0449279","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:26,0454924","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:26,0460181","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:26,0466572","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:26,0472175","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:26,0477395","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:26,0483030","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:26,0489799","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:26,0495434","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:26,0501905","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:26,0509201","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:26,0515251","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:26,0523644","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:26,0530473","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:26,0536160","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:26,0541753","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:26,0547001","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:26,0552529","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:26,0558990","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:26,0565372","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:26,0572211","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:26,0578247","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:26,0583827","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:26,0589038","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:26,0594300","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:26,0599520","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:26,0606251","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:26,0612876","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:26,0621385","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:26,0630290","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:26,0637563","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:26,0644728","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:26,0651609","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:26,0658756","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:26,0665618","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:26,0672471","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:26,0679655","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:26,0686475","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:26,0693310","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:26,0700475","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:26,0707291","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:26,0714144","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:26,0721346","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:26,0728199","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:26,0735061","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:26,0742246","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:26,0749444","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:26,0756297","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:26,0763467","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:26,0769937","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:26,0776776","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:26,0783946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:26,0791181","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:26,0797614","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:26,0802863","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:26,0808428","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:26,0813634","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:26,0819671","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 368.640, Length: 4.096"
"12:27:26,0825712","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 372.736, Length: 4.096"
"12:27:26,0832504","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 376.832, Length: 4.096"
"12:27:26,0839324","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 380.928, Length: 4.096"
"12:27:26,0845384","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 385.024, Length: 4.096"
"12:27:26,0851383","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 389.120, Length: 4.096"
"12:27:26,0857378","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 393.216, Length: 4.096"
"12:27:26,0862603","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 397.312, Length: 4.096"
"12:27:26,0868989","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 401.408, Length: 4.096"
"12:27:26,0874643","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 405.504, Length: 4.096"
"12:27:26,0879854","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 409.600, Length: 512"
"12:27:26,0895514","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 305.772, Length: 4.096"
"12:27:26,0901504","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,0906342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:26,0911510","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:26,0916362","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:26,0922203","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:26,0927432","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:26,0932666","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:26,0937956","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:26,0943172","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:26,0948704","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:26,0954410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:26,0959625","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:26,0964062","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:26,0968470","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:26,0971423","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,0972906","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:26,0974269","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,0975822","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,0976690","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,0977861","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,0978108","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:26,0981033","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,0981901","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,0983314","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:26,0983468","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,0984322","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,0985870","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 13140, startime: 976359, endtime: 976359, seqnum: 0, connid: 0"
"12:27:26,0988875","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:26,0994137","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:26,0999357","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:26,1002161","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,1004927","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:26,1005361","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976359, endtime: 976359, seqnum: 0, connid: 0"
"12:27:26,1010133","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:26,1017243","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:26,1024100","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:26,1028896","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:26,1033323","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:26,1037741","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:26,1042149","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:26,1046557","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:26,1050971","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:26,1055379","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:26,1059787","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:26,1064191","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:26,1068600","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:26,1073008","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:26,1077407","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:26,1081820","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:26,1086233","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:26,1090646","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:26,1095045","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:26,1099132","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:26,1103886","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:26,1106036","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.856.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1108299","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:26,1109642","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.856.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1112073","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.856.699, Length: 13.140"
"12:27:26,1112726","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:26,1116854","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.869.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1117148","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:26,1121995","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:26,1128913","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:26,1134577","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:26,1140142","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:26,1144980","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:26,1148959","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.869.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1150148","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:26,1151786","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.869.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1153419","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.869.839, Length: 1.460"
"12:27:26,1154613","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:26,1156609","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.871.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1159031","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:26,1163434","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:26,1167838","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:26,1172242","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:26,1176641","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:26,1181455","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:26,1185873","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:26,1190267","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:26,1194681","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:26,1198776","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:26,1203535","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:26,1207938","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:26,1212342","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:26,1216746","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:26,1222363","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:26,1227648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:26,1233204","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:26,1238434","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:26,1243663","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:26,1248995","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:26,1254248","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:26,1259795","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:26,1264674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:26,1270240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:26,1275464","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:26,1280708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:26,1286362","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:26,1291768","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:26,1297516","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:26,1298519","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,1301756","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976359, endtime: 976359, seqnum: 0, connid: 0"
"12:27:26,1302717","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:26,1307947","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:26,1310503","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,1312150","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976359, endtime: 976359, seqnum: 0, connid: 0"
"12:27:26,1313195","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:26,1319133","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:26,1324409","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:26,1329984","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:26,1336678","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:26,1345472","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:26,1350328","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:26,1355553","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 368.640, Length: 4.096"
"12:27:26,1358338","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:26,1360740","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 372.736, Length: 4.096"
"12:27:26,1370308","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,1371591","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 376.832, Length: 4.096"
"12:27:26,1373191","svchost.exe","948","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","REPARSE","Desired Access: Read"
"12:27:26,1376345","svchost.exe","948","RegOpenKey","HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","NAME NOT FOUND","Desired Access: Read"
"12:27:26,1376448","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 380.928, Length: 4.096"
"12:27:26,1378822","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:27:26,1381197","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 385.024, Length: 4.096"
"12:27:26,1385610","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 389.120, Length: 4.096"
"12:27:26,1392379","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 393.216, Length: 4.096"
"12:27:26,1399651","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 397.312, Length: 4.096"
"12:27:26,1405688","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 401.408, Length: 4.096"
"12:27:26,1410507","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 405.504, Length: 4.096"
"12:27:26,1415279","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 409.600, Length: 512"
"12:27:26,1434690","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.871.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1439574","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.871.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1442322","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.871.299, Length: 1.460"
"12:27:26,1444239","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 305.772, Length: 4.096"
"12:27:26,1445588","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.872.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1529716","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.872.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1533000","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.872.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1535412","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.872.759, Length: 1.460"
"12:27:26,1538556","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.874.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1617497","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,1621075","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976359, endtime: 976359, seqnum: 0, connid: 0"
"12:27:26,1638322","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,1640752","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,1642376","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,1644396","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976359, endtime: 976359, seqnum: 0, connid: 0"
"12:27:26,1649910","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv2.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,1674564","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.874.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1677368","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.874.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1679332","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.874.219, Length: 1.460"
"12:27:26,1682182","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.875.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1737672","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.875.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1743284","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.875.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1746125","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.875.679, Length: 2.920"
"12:27:26,1749316","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.878.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1775664","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.878.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1778911","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.879.104, EndOfFile: 408.878.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1784117","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.878.599, Length: 1.460, Priority: Normal"
"12:27:26,1805324","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.880.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,1824651","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Graf_Fenryl-PC:55048","SUCCESS","Length: 32, seqnum: 0, connid: 0"
"12:27:26,1829405","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes079.wohnheim.uni-kl.de:55180","SUCCESS","Length: 32, seqnum: 0, connid: 0"
"12:27:26,2037217","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,2040468","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,2043258","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976360, endtime: 976360, seqnum: 0, connid: 0"
"12:27:26,2056059","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,2058456","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,2060462","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976360, endtime: 976360, seqnum: 0, connid: 0"
"12:27:26,2105251","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.880.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,2108857","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.880.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,2111278","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.880.059, Length: 2.920"
"12:27:26,2114894","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.882.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,2147759","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.882.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,2150590","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.882.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,2152237","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.882.979, Length: 2.920"
"12:27:26,2155395","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.885.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,2373363","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,2377332","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976360, endtime: 976360, seqnum: 0, connid: 0"
"12:27:26,2394546","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,2396949","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,2398162","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,2399790","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976360, endtime: 976360, seqnum: 0, connid: 0"
"12:27:26,2413934","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:26,2421072","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,2424337","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:26,2427528","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:26,2429977","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:26,2431069","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.885.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,2432767","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:26,2435920","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:26,2437082","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.885.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,2439876","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.885.899, Length: 1.460"
"12:27:26,2443515","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.887.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,2462917","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.887.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,2465716","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.887.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,2467684","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.887.359, Length: 4.380"
"12:27:26,2471314","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.891.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,2473282","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:26,2478120","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:26,2510000","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:26,2542506","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,2548132","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 28.410, Length: 16.200"
"12:27:26,2569036","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,2573818","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\srv.sys","NO SUCH FILE","Filter: srv.sys"
"12:27:26,2576654","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:26,2593084","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,2597073","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\srv.sys","SUCCESS","Filter: srv.sys, 1: srv.sys"
"12:27:26,2600721","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:26,2627997","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,2633586","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:26,2635601","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:26,2642006","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,2645617","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:26,2648840","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:26,2674964","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,2678514","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:26,2680133","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:26,2686165","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,2689762","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:26,2692985","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:26,2695327","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,2698872","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976360, endtime: 976360, seqnum: 0, connid: 0"
"12:27:26,2706252","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,2709872","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:26,2713390","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:26,2739948","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 452.716, Length: 4.096"
"12:27:26,2743549","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 450.560, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:26,2747715","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Graf_Fenryl-PC:55048","SUCCESS","Length: 32, seqnum: 0, connid: 0"
"12:27:26,2752147","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes079.wohnheim.uni-kl.de:55180","SUCCESS","Length: 32, seqnum: 0, connid: 0"
"12:27:26,2758859","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.891.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,2762438","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.891.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,2764089","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.891.739, Length: 1.460"
"12:27:26,2766879","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.893.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,2767933","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 232, Length: 4.096"
"12:27:26,2798778","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,2840576","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 452.608, Length: 4.096"
"12:27:26,2846123","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 456.704, Length: 4.096"
"12:27:26,2848997","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 458.752, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:26,2862007","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 82.432, Length: 4.096"
"12:27:26,2871239","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 458.752, Length: 4.096"
"12:27:26,2897727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 462.848, Length: 4.096"
"12:27:26,2900927","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 462.848, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:26,2933354","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 84.480, Length: 4.096"
"12:27:26,2943785","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 464.896, Length: 2.560"
"12:27:26,2947004","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 466.944, Length: 512, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:26,2976785","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,3042963","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 452.716, Length: 4.096"
"12:27:26,3045780","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,3053370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 112.128, Length: 4.096"
"12:27:26,3057028","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 452.716, Length: 4.096"
"12:27:26,3062187","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,3067463","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:26,3072693","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:26,3078309","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:26,3083861","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:26,3089076","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:26,3093965","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:26,3099167","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:26,3104373","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:26,3109579","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:26,3114785","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:26,3120831","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:26,3126452","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:26,3131663","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:26,3136869","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:26,3142486","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:26,3147706","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:26,3152912","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:26,3158123","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:26,3163329","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:26,3168526","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:26,3173405","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:26,3178602","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:26,3183799","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:26,3189005","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:26,3194207","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:26,3199403","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:26,3204302","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:26,3209503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:26,3214709","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:26,3220727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:26,3226316","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:26,3231550","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:26,3236751","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:26,3241976","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:26,3247182","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:26,3252426","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:26,3257641","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:26,3262838","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:26,3268044","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:26,3273246","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:26,3278452","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:26,3283649","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:26,3288929","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:26,3294896","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:26,3300527","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:26,3305747","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:26,3310948","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:26,3315832","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:26,3323847","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:26,3330187","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:26,3336260","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:26,3343062","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:26,3348319","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:26,3353521","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:26,3358727","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:26,3363929","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:26,3369130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:26,3374336","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:26,3379533","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:26,3384417","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:26,3389623","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:26,3394820","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:26,3400059","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:26,3405288","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:26,3410490","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:26,3415696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:26,3422092","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:26,3427349","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:26,3432555","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:26,3437761","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:26,3442963","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:26,3448164","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:26,3453366","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:26,3458992","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:26,3464226","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:26,3469428","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:26,3474620","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:26,3479509","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:26,3484710","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:26,3489916","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:26,3495118","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:26,3500314","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:26,3505511","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:26,3510410","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:26,3515606","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:26,3522394","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:26,3528034","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:26,3533254","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:26,3538451","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:26,3543662","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 368.640, Length: 4.096"
"12:27:26,3548858","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 372.736, Length: 4.096"
"12:27:26,3553743","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 376.832, Length: 4.096"
"12:27:26,3558935","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 380.928, Length: 4.096"
"12:27:26,3564136","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 385.024, Length: 4.096"
"12:27:26,3569370","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 389.120, Length: 4.096"
"12:27:26,3574567","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 393.216, Length: 4.096"
"12:27:26,3579769","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 397.312, Length: 4.096"
"12:27:26,3584952","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 401.408, Length: 4.096"
"12:27:26,3589831","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 405.504, Length: 4.096"
"12:27:26,3595028","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 409.600, Length: 4.096"
"12:27:26,3600225","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 413.696, Length: 4.096"
"12:27:26,3605408","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 417.792, Length: 4.096"
"12:27:26,3610301","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 421.888, Length: 4.096"
"12:27:26,3615503","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 425.984, Length: 4.096"
"12:27:26,3622304","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 430.080, Length: 4.096"
"12:27:26,3628359","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 434.176, Length: 4.096"
"12:27:26,3633897","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 438.272, Length: 4.096"
"12:27:26,3638786","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 442.368, Length: 4.096"
"12:27:26,3643982","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 446.464, Length: 4.096"
"12:27:26,3649179","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 450.560, Length: 4.096"
"12:27:26,3654371","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 454.656, Length: 4.096"
"12:27:26,3659256","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 458.752, Length: 4.096"
"12:27:26,3664448","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 462.848, Length: 4.096"
"12:27:26,3669645","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 466.944, Length: 512"
"12:27:26,3683668","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 452.716, Length: 4.096"
"12:27:26,3688505","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,3692946","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:26,3697355","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:26,3701763","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:26,3706172","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:26,3710580","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:26,3714984","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:26,3719826","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:26,3724580","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:26,3728979","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:26,3733079","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:26,3737474","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:26,3741882","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:26,3746286","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:26,3750694","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:26,3755103","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:26,3759507","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:26,3763910","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:26,3768309","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:26,3772708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:26,3776804","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:26,3781203","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:26,3785607","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:26,3790016","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:26,3794419","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:26,3798828","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:26,3803232","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:26,3807640","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:26,3812044","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:26,3816130","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:26,3821663","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:26,3826902","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:26,3831753","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:26,3836568","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:26,3840995","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:26,3841195","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:27:26,3845590","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:27:26,3845744","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:26,3849191","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:27:26,3850171","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:26,3852069","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:27:26,3854449","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:27:26,3854593","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:26,3856492","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:26,3859020","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:26,3859235","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:26,3861679","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:26,3863452","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:26,3864049","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:26,3866442","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:26,3867884","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:26,3869274","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:26,3871695","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:26,3873034","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:26,3873687","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:26,3875744","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:26,3877480","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:26,3877708","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:26,3879700","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:26,3881715","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,3881911","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:26,3883362","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:26,3885709","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:26,3886329","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:26,3887743","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:26,3889763","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:26,3890742","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:26,3892146","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:26,3894162","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:26,3895160","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:26,3896200","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:26,3898150","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:26,3899568","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:26,3900175","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:26,3901812","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:26,3903781","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:26,3903986","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:26,3905792","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,3907410","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:26,3908399","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:26,3909421","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,3912803","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:26,3917025","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,3917216","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:26,3920640","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:26,3923444","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,3923994","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:26,3925487","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:26,3928235","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,3928846","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:26,3930273","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,3932284","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:26,3933278","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:26,3934659","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,3936669","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:26,3938013","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:26,3939048","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,3940718","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:26,3942430","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:26,3943088","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,3944735","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:26,3946848","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:26,3948313","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,3950338","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:26,3951257","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:26,3952721","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,3954732","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:26,3956132","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:26,3957121","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,3959131","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,3961137","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:26,3961324","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:26,3963176","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,3965177","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:26,3966133","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:26,3967547","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,3969198","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:26,3970579","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:26,3971596","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,3975403","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:26,3976014","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:26,3980949","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:26,3985376","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:26,3989314","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,3989799","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:26,3992533","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:26,3994245","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:26,3995789","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,3998159","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:26,3998662","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:26,4000972","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,4003369","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,4003430","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:26,4005389","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:26,4007428","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,4007876","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:26,4009434","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:26,4011818","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,4012298","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:26,4013805","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:26,4016175","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,4016721","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:26,4017822","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:26,4022659","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:26,4028280","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:26,4028752","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,4033127","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:26,4033566","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:26,4037181","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,4039173","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:26,4040722","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:27:26,4043992","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,4044725","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:26,4049208","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:26,4053635","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:26,4058043","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:26,4062442","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:26,4066860","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:26,4067406","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,4071044","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:26,4071278","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:26,4074627","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,4075696","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:26,4076703","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:26,4079516","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,4080109","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:26,4081881","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,4084288","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:26,4084517","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:26,4087125","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,4088935","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:26,4089541","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:26,4092289","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,4093348","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:26,4094295","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:26,4096371","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:26,4097761","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:26,4098344","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:26,4102160","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 368.640, Length: 4.096"
"12:27:26,4106573","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 372.736, Length: 4.096"
"12:27:26,4110977","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 376.832, Length: 4.096"
"12:27:26,4115385","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 380.928, Length: 4.096"
"12:27:26,4120591","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 385.024, Length: 4.096"
"12:27:26,4125849","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 389.120, Length: 4.096"
"12:27:26,4131004","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 393.216, Length: 4.096"
"12:27:26,4135435","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 397.312, Length: 4.096"
"12:27:26,4139844","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 401.408, Length: 4.096"
"12:27:26,4144252","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 405.504, Length: 4.096"
"12:27:26,4148665","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 409.600, Length: 4.096"
"12:27:26,4153074","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 413.696, Length: 4.096"
"12:27:26,4157482","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 417.792, Length: 4.096"
"12:27:26,4161891","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 421.888, Length: 4.096"
"12:27:26,4166299","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 425.984, Length: 4.096"
"12:27:26,4170708","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 430.080, Length: 4.096"
"12:27:26,4174799","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 434.176, Length: 4.096"
"12:27:26,4179198","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 438.272, Length: 4.096"
"12:27:26,4183602","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 442.368, Length: 4.096"
"12:27:26,4188015","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 446.464, Length: 4.096"
"12:27:26,4192423","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 450.560, Length: 4.096"
"12:27:26,4196832","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 454.656, Length: 4.096"
"12:27:26,4201240","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 458.752, Length: 4.096"
"12:27:26,4205648","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 462.848, Length: 4.096"
"12:27:26,4210061","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 466.944, Length: 512"
"12:27:26,4229291","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 452.716, Length: 4.096"
"12:27:26,4425538","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\srv.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,4626749","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:26,4630350","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:26,4633989","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:26,4637595","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:26,4641205","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:26,4734412","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:26,4738410","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,4740850","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:26,4743243","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:26,4745207","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:26,4749153","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:26,4753133","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:26,4795724","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\srv.sys.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Synchronous"
"12:27:26,4801765","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\srv.sys.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:26,4822954","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\srv.sys.mui","SUCCESS","Offset: 184, Length: 2.376"
"12:27:26,4846615","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\de-DE\srv.sys.mui","SUCCESS","Offset: 0, Length: 2.560"
"12:27:26,4854279","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.822.398, Length: 16.200"
"12:27:26,4883533","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,4889551","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\de-DE\srv.sys.mui","NO SUCH FILE","Filter: srv.sys.mui"
"12:27:26,4893596","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers\de-DE","SUCCESS",""
"12:27:26,4921301","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,4929344","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\de-DE\srv.sys.mui","SUCCESS","Filter: srv.sys.mui, 1: srv.sys.mui"
"12:27:26,4934942","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers\de-DE","SUCCESS",""
"12:27:26,4959354","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,4969659","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:26,4973260","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:26,4979502","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,4986737","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:26,4988776","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:26,4992107","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:26,4999599","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,5004394","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:26,5008052","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:26,5033173","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5040100","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,5040394","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: ANCI"
"12:27:26,5042395","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:26,5043692","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:26,5045339","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:26,5049192","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5051749","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,5054016","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:26,5057099","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:26,5058443","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,5067922","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:26,5087772","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5091947","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,5093407","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:26,5097167","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:26,5097419","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,5100773","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:26,5111437","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5115897","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:26,5120693","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,5142530","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5147764","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:26,5151328","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,5176649","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5182201","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: ANCI"
"12:27:26,5183852","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:26,5207135","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5211539","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: DNCI"
"12:27:26,5213162","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:26,5239967","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5245589","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:26,5248029","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:26,5276910","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5282536","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,5284952","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,5313432","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5319482","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,5322211","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:26,5349977","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5355538","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:26,5357600","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:26,5384023","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5389289","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:26,5392018","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:26,5424431","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5430929","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:26,5433271","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,5458182","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5462549","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:26,5464177","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,5485850","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5489862","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:26,5491490","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:26,5497443","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5501543","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,5508326","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5513910","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:26,5515911","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,5530364","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5536046","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:26,5538817","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:26,5547885","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:26,5551076","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x6200000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:26,5553894","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:26,5565552","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5571943","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:26,5574364","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:26,5590817","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:26,5631995","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5637267","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: ANCI"
"12:27:26,5639263","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:26,5645673","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5650469","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:26,5654485","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,5657303","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Rebecca-PC:51299","SUCCESS","Length: 28, seqnum: 0, connid: 0"
"12:27:26,5665359","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes192.wohnheim.uni-kl.de:63647","SUCCESS","Length: 28, seqnum: 0, connid: 0"
"12:27:26,5668144","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5672581","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:26,5676154","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,5689002","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5693401","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:26,5696256","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,5709481","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5713875","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:26,5717052","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,5753901","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5759961","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: ANCI"
"12:27:26,5762755","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:26,5792434","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5797691","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: DNCI"
"12:27:26,5800472","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:26,5830645","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5835417","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:26,5837078","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:26,5860356","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5865562","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,5867932","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,5890413","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5894807","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,5897718","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:26,5923819","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5928232","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:26,5929860","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:26,5953083","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5957491","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:26,5959903","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:26,5982383","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,5986423","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:26,5988364","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,6011260","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6015323","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:26,6017264","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,6045002","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6049373","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:26,6050996","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:26,6056646","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6061422","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,6068686","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6074657","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:26,6076658","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,6087537","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:26,6091134","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6091918","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,6094348","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:26,6096760","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:26,6097497","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:26,6098738","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:26,6099951","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:26,6100394","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:26,6102726","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:26,6108609","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:26,6111809","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x6200000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:26,6114631","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:26,6136860","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:26,6139403","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:27:26,6141674","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:26,6160656","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:26,6178477","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6180291","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,6184676","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: ANCI"
"12:27:26,6185908","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.195.834, Length: 16.200"
"12:27:26,6187051","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:26,6193535","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6198695","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:26,6202375","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,6214766","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,6217159","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6219235","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\vwifimp.sys","NO SUCH FILE","Filter: vwifimp.sys"
"12:27:26,6222454","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:26,6225556","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:26,6229983","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,6246436","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,6254339","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Filter: vwifimp.sys, 1: vwifimp.sys"
"12:27:26,6254763","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6259970","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:26,6261210","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:26,6265213","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,6280836","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6285664","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:26,6288860","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,6291654","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,6297271","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:26,6299295","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:26,6306092","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,6309731","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:26,6313384","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:26,6313743","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6318963","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: ANCI"
"12:27:26,6321352","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:26,6343034","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,6344635","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6346599","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:26,6348245","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:26,6349038","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: DNCI"
"12:27:26,6351030","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:26,6354683","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,6358298","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:26,6361531","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:26,6373082","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6376739","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,6377145","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:26,6379090","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:26,6380732","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:26,6383965","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:26,6400764","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6404790","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,6406409","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,6410803","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 14.972, Length: 2.948"
"12:27:26,6416056","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:26,6427672","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6431683","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,6433270","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 13.832, Length: 4.088"
"12:27:26,6433661","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:26,6449765","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,6454938","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6458932","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:26,6460555","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:26,6480988","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6484990","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:26,6486614","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:26,6490304","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 13.824, Length: 4.096"
"12:27:26,6494703","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 9.216, Length: 4.096"
"12:27:26,6507466","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6510312","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 16.384, Length: 1.536"
"12:27:26,6511147","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:26,6513083","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,6518350","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,6534374","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6538363","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:26,6539986","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,6560839","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6564827","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:26,6566451","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:26,6571727","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6576131","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,6577707","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 14.972, Length: 2.948"
"12:27:26,6580128","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,6582937","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6587392","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 10.240, Length: 4.096"
"12:27:26,6588525","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:26,6590559","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,6590587","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 14.972, Length: 2.948"
"12:27:26,6604153","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6609033","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:26,6612629","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:26,6615055","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:26,6622645","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,6631509","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:26,6635861","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:26,6656606","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Rebecca-PC:51299","SUCCESS","Length: 28, seqnum: 0, connid: 0"
"12:27:26,6661803","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes192.wohnheim.uni-kl.de:63647","SUCCESS","Length: 28, seqnum: 0, connid: 0"
"12:27:26,6758644","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\vwifimp.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,6834875","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:26,6875344","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6883405","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: DNCI"
"12:27:26,6886614","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:26,6896187","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6905806","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:26,6911017","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,6933558","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6939529","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:26,6943933","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,6962047","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,6967641","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:26,6972399","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,6991684","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7008403","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:26,7013591","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,7043741","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7048527","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: DNCI"
"12:27:26,7050174","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:26,7072626","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7077030","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: DNCI"
"12:27:26,7078658","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:26,7100267","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7104306","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:26,7105930","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:26,7131550","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7135599","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,7137227","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,7159251","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7163277","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,7164891","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:26,7187357","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7191383","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:26,7193329","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:26,7214988","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7219835","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:26,7221459","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:26,7243911","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7247914","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:26,7249523","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,7273170","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:26,7277984","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,7279514","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7280788","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:26,7283200","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:26,7284697","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:26,7285201","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:26,7286703","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,7287202","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:26,7289246","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:26,7309982","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7314409","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:26,7316051","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:26,7326500","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:26,7326804","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7331744","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:26,7333577","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,7341596","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7347283","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:26,7349643","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,7350133","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:26,7365663","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7371275","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:27:26,7373701","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:27:26,7379737","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,7382788","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:27:26,7386105","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 407.490, Length: 16.200"
"12:27:26,7389189","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:27:26,7393210","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:27:26,7395659","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:26,7404471","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7410993","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,7411291","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:26,7414081","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:26,7415779","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\drivers\asyncmac.sys","NO SUCH FILE","Filter: asyncmac.sys"
"12:27:26,7420677","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\drivers","SUCCESS",""
"12:27:26,7431318","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:26,7442337","SavService.exe","1536","CreateFile","C:\Windows\System32\drivers","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,7445407","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:26,7446703","SavService.exe","1536","QueryDirectory","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Filter: asyncmac.sys, 1: asyncmac.sys"
"12:27:26,7450715","SavService.exe","1536","CloseFile","C:\Windows\System32\drivers","SUCCESS",""
"12:27:26,7479246","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,7484173","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7484844","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:26,7487606","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:26,7489327","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:26,7491333","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:26,7494422","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,7498186","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7501307","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:26,7503015","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:26,7505272","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:26,7507036","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,7523027","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7527492","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:26,7531084","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,7537386","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,7540960","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:26,7542597","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:26,7544351","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7549095","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:26,7549441","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,7552328","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,7553443","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:26,7557017","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:26,7565992","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7570400","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:26,7573582","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,7575929","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,7579898","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:26,7583122","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:26,7595675","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7599683","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:26,7601306","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:26,7610776","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 19.044, Length: 3.996"
"12:27:26,7616020","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 216, Length: 4.096"
"12:27:26,7628051","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7634866","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:26,7636872","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:26,7656446","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,7660561","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7664965","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,7666588","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,7688612","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7692665","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,7694294","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:26,7698492","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 18.944, Length: 4.096"
"12:27:26,7702928","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:26,7716364","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7719970","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 20.992, Length: 2.048"
"12:27:26,7721938","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:26,7724313","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:26,7737174","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,7751584","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7756833","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:26,7759235","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:26,7787300","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7792590","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:26,7795328","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,7819064","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 19.044, Length: 3.996"
"12:27:26,7823430","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7823449","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,7828660","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:26,7831076","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,7833450","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 17.408, Length: 4.096"
"12:27:26,7856766","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7861921","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:26,7864337","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:26,7872002","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7878011","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,7887261","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7895210","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:26,7898023","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,7915312","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,7923784","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:27:26,7927385","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:27:26,7936449","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:27:26,7941678","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:26,7962881","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:27:26,7963716","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 22.528, Length: 512"
"12:27:26,8041948","SavService.exe","1536","ReadFile","C:\Windows\System32\drivers\asyncmac.sys","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,8054879","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:26,8078204","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8082953","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: DNCI"
"12:27:26,8084609","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:26,8090623","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8095418","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:26,8099066","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,8112660","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8117073","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:26,8123128","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,8141588","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8146337","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:26,8149206","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,8162426","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8166821","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:26,8169993","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,8192515","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:26,8214180","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8218943","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: DNCI"
"12:27:26,8220594","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:26,8241899","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8246252","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:26,8247880","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:26,8269940","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8273962","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,8275599","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,8298014","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8302040","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,8303664","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:26,8330432","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8336916","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:26,8339304","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:26,8364575","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8368974","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:26,8371390","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:26,8394641","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8398676","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:26,8400304","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,8425112","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8429148","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:26,8430766","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,8452836","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8456853","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:26,8458481","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:26,8464462","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8468898","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,8476539","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8482483","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:26,8484498","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,8499006","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:27:26,8546981","FlashPlayerPlugin_11_8_800_168.exe","8196","ReadFile","C:","SUCCESS","Offset: 39.960.576, Length: 104, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:26,8594727","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:26,8597895","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:26,8608596","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,8611041","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:26,8613466","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:26,8623823","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:26,8626248","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:26, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:26,8628693","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:27:26,8652792","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:26,8693854","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8699447","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: ANCI"
"12:27:26,8701434","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:26,8707872","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8712682","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:26,8716717","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,8733170","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8737929","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:26,8741203","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,8754788","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8759234","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:26,8763218","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,8777287","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8781719","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:26,8784905","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,8810133","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8814621","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, FileAttributes: ANCI"
"12:27:26,8816576","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:26,8840213","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8844272","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:26, FileAttributes: DNCI"
"12:27:26,8845895","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:26,8867933","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8871968","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:26,8873927","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:26,8895246","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8899249","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,8900872","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,8923749","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8928116","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,8930108","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:26,8952556","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8956568","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:26,8958205","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:26,8979436","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,8983867","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:26,8985500","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:26,9007188","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9011176","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:26,9012804","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,9046294","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9051505","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:26,9053511","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,9076761","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9081151","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:26,9082784","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:26,9088760","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9093210","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,9100012","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9105064","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:26,9106403","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:26,9108437","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,9109099","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:26,9111861","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:26,9114249","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:26,9115896","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:26,9118285","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:26,9120664","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:26,9124069","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9131323","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:26,9134939","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:26,9137682","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:26,9145999","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:26,9149965","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:27:26,9154000","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:26,9156038","SavService.exe","1536","ReadFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:26,9156463","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:24, LastWriteTime: 06.10.2013 12:27:24, ChangeTime: 06.10.2013 12:27:24, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:26,9164827","SavService.exe","1536","ReadFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Offset: 192, Length: 4.096"
"12:27:26,9168447","SavService.exe","1536","ReadFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Offset: 4.096, Length: 2.560, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:26,9188558","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:26,9210362","SavService.exe","1536","ReadFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,9216408","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.503.446, Length: 16.200"
"12:27:26,9228575","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9234154","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:26, FileAttributes: ANCI"
"12:27:26,9236150","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:26,9237667","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,9242467","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\apisetschema.dll","SUCCESS","Filter: apisetschema.dll, 1: apisetschema.dll"
"12:27:26,9242602","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9246899","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:26,9247416","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:26,9251438","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,9262928","SavService.exe","1536","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,9265853","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9266944","SavService.exe","1536","QueryDirectory","C:\Windows\System32\apisetschema.dll","SUCCESS","Filter: apisetschema.dll, 1: apisetschema.dll"
"12:27:26,9270303","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:26,9270900","SavService.exe","1536","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:26,9273881","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,9288343","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9292760","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:26,9295951","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,9298200","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,9303434","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:26,9305449","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:26,9309237","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9312283","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,9313991","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:26,9316295","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:26,9316864","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,9320326","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:26,9342522","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9347308","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:26, FileAttributes: ANCI"
"12:27:26,9348946","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:26,9357804","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,9362577","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:26,9364629","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:26,9371832","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9375466","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,9376194","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:26, FileAttributes: DNCI"
"12:27:26,9378582","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:26,9379902","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:26,9391117","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:26,9400652","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9404674","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:26,9406297","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:26,9410738","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:26,9414745","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:26,9419592","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:26,9428740","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9432762","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,9434380","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,9455233","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9459240","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:26,9460864","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:26,9481758","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9485751","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:26,9487370","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:26,9507821","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9511815","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:26,9513424","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:26,9539142","SavService.exe","1536","ReadFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Offset: 4.608, Length: 2.048"
"12:27:26,9546616","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9548733","SavService.exe","1536","ReadFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,9551500","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:26,9553492","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,9575954","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9580320","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:26,9581948","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,9589725","SavService.exe","1536","ReadFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Offset: 4.096, Length: 2.560"
"12:27:26,9603239","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9607634","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:26,9609266","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:26,9615219","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9628864","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,9635750","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9641366","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:26,9643372","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,9645835","SavService.exe","1536","ReadFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,9658604","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9669664","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:26, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:26,9674511","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:26,9677665","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:26,9686346","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:26,9690409","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:26, FileAttributes: ANCI"
"12:27:26,9705253","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:27:26,9738142","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,9740992","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,9743003","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976367, endtime: 976367, seqnum: 0, connid: 0"
"12:27:26,9754908","SavService.exe","1536","ReadFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Offset: 4.096, Length: 2.560"
"12:27:26,9760650","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,9762227","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:26,9763790","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976367, endtime: 976367, seqnum: 0, connid: 0"
"12:27:26,9808383","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:26,9838836","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9843305","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:26, FileAttributes: DNCI"
"12:27:26,9845301","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:26,9851343","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9856148","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:26,9860150","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:26,9864568","SavService.exe","1536","ReadFile","C:\Windows\System32\apisetschema.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:26,9873795","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9878549","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:26,9883802","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:26,9897041","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9901463","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:26,9904645","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:26,9919498","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9923958","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:26,9927144","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:26,9952004","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:26,9973664","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:26,9977689","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:26, FileAttributes: DNCI"
"12:27:26,9979639","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:27,0000525","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:27,0004541","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:27,0006169","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:27,0027871","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:27,0031873","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:27,0033809","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:27,0055110","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:27,0059476","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:27,0061132","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:27,0069277","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,0072431","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,0074451","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976368, endtime: 976368, seqnum: 0, connid: 0"
"12:27:27,0082773","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:27,0084877","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,0086515","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,0086766","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:27,0088082","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976368, endtime: 976368, seqnum: 0, connid: 0"
"12:27:27,0088395","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:27,0109686","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:27,0113688","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:27,0115312","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:27,0146600","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:27,0150635","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:27,0152576","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:27,0173857","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:27,0177860","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:27,0179516","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:27,0201535","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:27,0205565","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:27,0207198","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:27,0213183","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:27,0217960","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:27,0224850","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:27,0230462","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:27,0232482","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:27,0240082","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:26, FileAttributes: ANCI"
"12:27:27,0253442","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:27,0309576","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:27,0353740","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:27,0355340","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:27, LastWriteTime: 06.10.2013 12:27:27, ChangeTime: 06.10.2013 12:27:27, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:27:27,0374406","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:27,0382052","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:26, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:27,0391419","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,0391853","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:27,0394246","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,0396098","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:27:27,0396238","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,0396252","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976368, endtime: 976368, seqnum: 0, connid: 0"
"12:27:27,0398682","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:27,0401080","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:27,0403039","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:27,0404672","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:27,0406669","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,0407065","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:27,0408665","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,0410233","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976368, endtime: 976368, seqnum: 0, connid: 0"
"12:27:27,0449601","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:27,0454368","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:27,0486235","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 224, Length: 4.096"
"12:27:27,0515485","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,0522337","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.708.026, Length: 16.200"
"12:27:27,0532377","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:27,0537979","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:27,0544002","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:27,0549618","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:27,0554839","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:27,0560059","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:27,0565260","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:27,0570485","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:27,0575691","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:27,0580893","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:27,0586099","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:27,0591300","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:27,0596506","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:27,0601400","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:27,0606979","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:27,0612199","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:27,0618185","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:27,0624977","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:27,0630244","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:27,0635454","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:27,0640661","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:27,0645867","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:27,0651068","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:27,0656755","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:27,0661975","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:27,0667172","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:27,0672378","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:27,0677579","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:27,0682781","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:27,0687978","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:27,0693240","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:27,0698474","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:27,0703694","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:27,0708900","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:27,0713658","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,0714932","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:27,0716887","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976368, endtime: 976368, seqnum: 0, connid: 0"
"12:27:27,0720894","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:27,0726105","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:27,0730518","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,0731339","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:27,0732911","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,0734105","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,0735365","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976368, endtime: 976368, seqnum: 0, connid: 0"
"12:27:27,0739568","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:27,0747783","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:27,0753414","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:27,0758648","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:27,0763854","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:27,0769060","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:27,0774266","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:27,0779463","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:27,0784674","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:27,0789880","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:27,0794769","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:27,0799966","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:27,0805162","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:27,0810359","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:27,0815612","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:27,0822451","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:27,0828007","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:27,0833236","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:27,0838480","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:27,0843709","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:27,0848915","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:27,0854126","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:27,0859337","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:27,0864552","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:27,0870164","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:27,0875399","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:27,0882205","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:27,0887434","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:27,0892650","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:27,0897847","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:27,0903053","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:27,0908250","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:27,0913451","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:27,0919506","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:27,0925883","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:27,0930781","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:27,0935978","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:27,0941180","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:27,0946386","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:27,0951592","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:27,0956789","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:27,0961986","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:27,0966879","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:27,0972076","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:27,0977292","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:27,0978756","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.893.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,0982344","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.893.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,0982507","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:27,0985138","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.893.199, Length: 5.840"
"12:27:27,0991842","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:27,0994146","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.899.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,0999100","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:27,1004698","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:27,1009937","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:27,1012120","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.899.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1015162","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:27,1016991","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.899.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1026339","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.899.039, Length: 2.920"
"12:27:27,1027300","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 368.640, Length: 4.096"
"12:27:27,1029563","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.901.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1036509","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 372.736, Length: 4.096"
"12:27:27,1044104","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 376.832, Length: 4.096"
"12:27:27,1051418","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 380.928, Length: 4.096"
"12:27:27,1052851","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.901.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1055636","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.901.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1057264","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.901.959, Length: 2.920"
"12:27:27,1058686","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 385.024, Length: 4.096"
"12:27:27,1060459","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.904.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1066458","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 389.120, Length: 4.096"
"12:27:27,1067727","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,1070895","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,1072915","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976369, endtime: 976369, seqnum: 0, connid: 0"
"12:27:27,1073680","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 393.216, Length: 4.096"
"12:27:27,1080556","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 397.312, Length: 4.096"
"12:27:27,1085706","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,1086966","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,1087768","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 401.408, Length: 4.096"
"12:27:27,1088146","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,1089405","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976369, endtime: 976369, seqnum: 0, connid: 0"
"12:27:27,1094556","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 405.504, Length: 4.096"
"12:27:27,1101413","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 409.600, Length: 4.096"
"12:27:27,1107002","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.904.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1108219","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 413.696, Length: 4.096"
"12:27:27,1111560","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.904.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1115026","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 417.792, Length: 4.096"
"12:27:27,1116686","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.904.879, Length: 2.920"
"12:27:27,1122690","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 421.888, Length: 4.096"
"12:27:27,1126534","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.907.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1129590","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 425.984, Length: 4.096"
"12:27:27,1136041","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 430.080, Length: 4.096"
"12:27:27,1142041","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 434.176, Length: 4.096"
"12:27:27,1147629","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 438.272, Length: 4.096"
"12:27:27,1152840","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 442.368, Length: 4.096"
"12:27:27,1158046","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 446.464, Length: 4.096"
"12:27:27,1163649","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 450.560, Length: 4.096"
"12:27:27,1169727","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 454.656, Length: 4.096"
"12:27:27,1175689","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 458.752, Length: 4.096"
"12:27:27,1180919","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 462.848, Length: 4.096"
"12:27:27,1187310","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 466.944, Length: 4.096"
"12:27:27,1187711","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.907.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1191331","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.907.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1193757","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.907.799, Length: 2.920"
"12:27:27,1194153","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 471.040, Length: 4.096"
"12:27:27,1196934","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.910.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1199793","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 475.136, Length: 4.096"
"12:27:27,1205051","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 479.232, Length: 4.096"
"12:27:27,1210653","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 483.328, Length: 4.096"
"12:27:27,1215286","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.910.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1216671","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 487.424, Length: 4.096"
"12:27:27,1221299","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.910.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1223785","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.910.719, Length: 5.840"
"12:27:27,1224630","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 491.520, Length: 4.096"
"12:27:27,1228166","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.916.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1231455","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 495.616, Length: 4.096"
"12:27:27,1239082","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 499.712, Length: 4.096"
"12:27:27,1247442","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 503.808, Length: 4.096"
"12:27:27,1256254","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 507.904, Length: 4.096"
"12:27:27,1263480","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 512.000, Length: 4.096"
"12:27:27,1270267","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 516.096, Length: 4.096"
"12:27:27,1277083","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 520.192, Length: 4.096"
"12:27:27,1283899","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 524.288, Length: 4.096"
"12:27:27,1291120","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 528.384, Length: 4.096"
"12:27:27,1298747","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 532.480, Length: 4.096"
"12:27:27,1299391","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.916.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1302955","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.916.559, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1305372","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.916.559, Length: 7.300"
"12:27:27,1305941","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 536.576, Length: 4.096"
"12:27:27,1309374","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.923.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1312817","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 540.672, Length: 4.096"
"12:27:27,1321596","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 544.768, Length: 4.096"
"12:27:27,1328435","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 548.864, Length: 4.096"
"12:27:27,1335251","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 552.960, Length: 4.096"
"12:27:27,1342071","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 557.056, Length: 4.096"
"12:27:27,1348905","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 561.152, Length: 4.096"
"12:27:27,1358100","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 565.248, Length: 4.096"
"12:27:27,1364151","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 569.344, Length: 4.096"
"12:27:27,1369749","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 573.440, Length: 4.096"
"12:27:27,1375006","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 577.536, Length: 4.096"
"12:27:27,1380576","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 581.632, Length: 4.096"
"12:27:27,1385810","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 585.728, Length: 4.096"
"12:27:27,1391040","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 589.824, Length: 4.096"
"12:27:27,1396264","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 593.920, Length: 4.096"
"12:27:27,1401471","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 598.016, Length: 4.096"
"12:27:27,1406686","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 602.112, Length: 4.096"
"12:27:27,1411888","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 606.208, Length: 4.096"
"12:27:27,1417103","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 610.304, Length: 4.096"
"12:27:27,1423154","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 614.400, Length: 4.096"
"12:27:27,1428378","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 618.496, Length: 4.096"
"12:27:27,1433911","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 622.592, Length: 4.096"
"12:27:27,1439192","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 626.688, Length: 4.096"
"12:27:27,1444752","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,1444780","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 630.784, Length: 4.096"
"12:27:27,1448013","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,1450001","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,1450038","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 634.880, Length: 4.096"
"12:27:27,1452436","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976369, endtime: 976369, seqnum: 0, connid: 0"
"12:27:27,1455253","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 638.976, Length: 4.096"
"12:27:27,1460474","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 643.072, Length: 4.096"
"12:27:27,1465675","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 647.168, Length: 4.096"
"12:27:27,1466463","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,1468875","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,1471250","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976369, endtime: 976369, seqnum: 0, connid: 0"
"12:27:27,1471292","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 651.264, Length: 4.096"
"12:27:27,1476502","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 655.360, Length: 4.096"
"12:27:27,1481709","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 659.456, Length: 4.096"
"12:27:27,1486915","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 663.552, Length: 4.096"
"12:27:27,1492121","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 667.648, Length: 4.096"
"12:27:27,1497322","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 671.744, Length: 4.096"
"12:27:27,1502524","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 675.840, Length: 4.096"
"12:27:27,1507399","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 679.936, Length: 4.096"
"12:27:27,1512600","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 684.032, Length: 4.096"
"12:27:27,1517839","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 688.128, Length: 4.096"
"12:27:27,1523386","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 692.224, Length: 4.096"
"12:27:27,1528265","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 696.320, Length: 4.096"
"12:27:27,1533462","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 700.416, Length: 4.096"
"12:27:27,1538659","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 704.512, Length: 4.096"
"12:27:27,1543860","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 708.608, Length: 4.096"
"12:27:27,1547774","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.923.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1549076","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 712.704, Length: 4.096"
"12:27:27,1551357","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.923.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1554133","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.923.859, Length: 2.920"
"12:27:27,1554301","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 716.800, Length: 4.096"
"12:27:27,1558177","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.926.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1559516","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 720.896, Length: 4.096"
"12:27:27,1564722","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 724.992, Length: 4.096"
"12:27:27,1569914","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 729.088, Length: 4.096"
"12:27:27,1574799","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 733.184, Length: 4.096"
"12:27:27,1580000","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 737.280, Length: 4.096"
"12:27:27,1582855","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.926.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1585216","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 741.376, Length: 4.096"
"12:27:27,1586797","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.926.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1589255","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.926.779, Length: 1.460"
"12:27:27,1590431","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 745.472, Length: 4.096"
"12:27:27,1593249","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.928.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1596808","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 749.568, Length: 4.096"
"12:27:27,1602019","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 753.664, Length: 4.096"
"12:27:27,1606908","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 757.760, Length: 4.096"
"12:27:27,1612095","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 761.856, Length: 4.096"
"12:27:27,1615095","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.928.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1617329","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 765.952, Length: 4.096"
"12:27:27,1618356","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.928.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1620744","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.928.239, Length: 2.920"
"12:27:27,1622895","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 770.048, Length: 4.096"
"12:27:27,1625181","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.931.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1628101","SavService.exe","1536","ReadFile","C:\Windows\System32\autochk.exe","SUCCESS","Offset: 774.144, Length: 3.584"
"12:27:27,1636983","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.260.310, Length: 16.200"
"12:27:27,1801434","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,1805077","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976370, endtime: 976370, seqnum: 0, connid: 0"
"12:27:27,1817640","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:27,1824721","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,1825776","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,1827847","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,1828719","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:27,1829769","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,1831042","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,1831947","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:27,1833053","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976370, endtime: 976370, seqnum: 0, connid: 0"
"12:27:27,1834411","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:27,1836818","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:27,1839561","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:27,1878112","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\autochk.exe.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:27,1883351","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\autochk.exe.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:27,1917853","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\autochk.exe.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:27,1919071","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.931.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1922280","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.931.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1924678","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.931.159, Length: 1.460"
"12:27:27,1928308","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.932.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1949333","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\autochk.exe.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,1955346","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.776.228, Length: 16.200"
"12:27:27,1977407","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,1982221","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\autochk.exe.mui","SUCCESS","Filter: autochk.exe.mui, 1: autochk.exe.mui"
"12:27:27,1982711","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.932.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1985510","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.932.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,1986653","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:27,1987157","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.932.619, Length: 5.840"
"12:27:27,1990744","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.938.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2003834","SavService.exe","1536","CreateFile","C:\Windows\System32\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,2007851","SavService.exe","1536","QueryDirectory","C:\Windows\System32\de-DE\autochk.exe.mui","SUCCESS","Filter: autochk.exe.mui, 1: autochk.exe.mui"
"12:27:27,2011499","SavService.exe","1536","CloseFile","C:\Windows\System32\de-DE","SUCCESS",""
"12:27:27,2039181","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,2044741","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:27,2046747","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:27,2052835","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,2056451","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:27,2060005","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:27,2086097","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,2089315","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:27,2090953","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:27,2096971","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,2100572","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:27,2103791","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:27,2117385","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,2125320","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:27,2130951","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:27,2138489","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,2141713","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,2144139","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976370, endtime: 976370, seqnum: 0, connid: 0"
"12:27:27,2159757","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,2161824","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,2163354","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,2164637","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976370, endtime: 976370, seqnum: 0, connid: 0"
"12:27:27,2201649","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.938.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2205264","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.938.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2208012","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.938.459, Length: 2.920"
"12:27:27,2213647","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.941.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2243750","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\autochk.exe.mui","SUCCESS","Offset: 274.944, Length: 3.072"
"12:27:27,2247762","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.941.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2248173","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\autochk.exe.mui","SUCCESS","Offset: 274.432, Length: 3.584, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:27,2251345","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.941.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2253733","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.941.379, Length: 2.920"
"12:27:27,2257004","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.944.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2271530","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\autochk.exe.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,2291720","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.944.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2294519","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 408.944.640, EndOfFile: 408.944.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2298517","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.944.299, Length: 1.460, Priority: Normal"
"12:27:27,2318213","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","END OF FILE","Offset: 408.944.640, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:27,2323391","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.945.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2462287","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,2465123","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,2467138","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976370, endtime: 976370, seqnum: 0, connid: 0"
"12:27:27,2479589","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,2481530","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,2482789","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,2485117","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976370, endtime: 976370, seqnum: 0, connid: 0"
"12:27:27,2544181","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.945.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2547003","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.945.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2548972","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.945.759, Length: 2.920"
"12:27:27,2551407","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.948.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2636459","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.948.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2640042","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.948.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2642430","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.948.679, Length: 4.380"
"12:27:27,2646097","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.953.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2784750","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,2787573","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,2789588","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976371, endtime: 976371, seqnum: 0, connid: 0"
"12:27:27,2802440","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,2804381","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,2805234","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,2807581","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976371, endtime: 976371, seqnum: 0, connid: 0"
"12:27:27,2850531","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.953.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2853755","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.953.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2856489","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.953.059, Length: 2.920"
"12:27:27,2859684","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.955.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2891425","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.955.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2894233","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.955.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,2896188","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.955.979, Length: 4.380"
"12:27:27,2899015","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.960.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,3102437","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,3105618","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,3108058","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976371, endtime: 976371, seqnum: 0, connid: 0"
"12:27:27,3169337","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.960.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,3172160","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.960.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,3174142","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.960.359, Length: 2.920"
"12:27:27,3176974","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.963.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,3512108","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:27,3516143","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,3519007","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:27,3521820","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:27,3523817","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:27,3525813","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,3527432","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:27,3530170","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:27,3532256","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:27,3533837","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,3535437","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:27,3537061","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:27,4626772","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:27,4631563","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:27,4634385","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:27,4635640","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:27,4637595","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:27,4639209","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,4641247","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:27,4641266","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:27,4644060","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:27,4646062","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:27,4648058","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,4649663","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:27,4652056","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:27,4654459","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:27,4656040","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,4657640","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:27,4659268","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:27,6084789","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:27,6089133","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,6091586","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:27,6093980","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:27,6095948","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:27,6097595","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:27,6099610","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:27,6139477","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:27,6144623","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:27,6162966","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 176, Length: 4.096"
"12:27:27,6188959","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,6194967","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 96.288, Length: 16.200"
"12:27:27,6216268","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,6223121","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Filter: wininet.dll.mui, 1: wininet.dll.mui"
"12:27:27,6227538","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:27,6243553","SavService.exe","1536","CreateFile","C:\Windows\System32\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,6247542","SavService.exe","1536","QueryDirectory","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Filter: wininet.dll.mui, 1: wininet.dll.mui"
"12:27:27,6251568","SavService.exe","1536","CloseFile","C:\Windows\System32\de-DE","SUCCESS",""
"12:27:27,6278093","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,6283658","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:27,6285664","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:27,6291738","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,6295354","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:27,6298890","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:27,6326250","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,6329777","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:27,6331409","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:27,6337436","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,6341043","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:27,6344266","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:27,6357505","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,6361130","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:27,6364340","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:27,6448207","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 50.892, Length: 4.096"
"12:27:27,6451743","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 512, Length: 4.096"
"12:27:27,6460588","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 32, Length: 4.096"
"12:27:27,6464194","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 57.801, Length: 567"
"12:27:27,6467795","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 176, Length: 4.096"
"12:27:27,6471061","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,6474210","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 54.272, Length: 4.096"
"12:27:27,6476659","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 48.896, Length: 4.096"
"12:27:27,6479448","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 54.272, Length: 4.096"
"12:27:27,6481912","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 48.896, Length: 4.096"
"12:27:27,6485051","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:27,6495897","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,6525609","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,6528436","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:27,6532004","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:27,6535214","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:27,6537626","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:27,6539160","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 5.476, Length: 4.096"
"12:27:27,6540019","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,6542048","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:27,6544437","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:27,6546844","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:27,6548859","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:27,6550860","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,6552003","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,6552871","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:27,6554905","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:27,6556939","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:27,6558935","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:27,6560909","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,6562863","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 55.808, Length: 2.560"
"12:27:27,6562882","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:27,6564902","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:27,6566922","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:27,6568895","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:27,6575697","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,6602576","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:27,6709190","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,6774099","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 4.096, Length: 54.272"
"12:27:27,6860793","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,6898948","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,6903716","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Filter: wininet.dll.mui, 1: wininet.dll.mui"
"12:27:27,6908134","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:27,6925002","SavService.exe","1536","CreateFile","C:\Windows\System32\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,6929019","SavService.exe","1536","QueryDirectory","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Filter: wininet.dll.mui, 1: wininet.dll.mui"
"12:27:27,6932989","SavService.exe","1536","CloseFile","C:\Windows\System32\de-DE","SUCCESS",""
"12:27:27,7021652","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 25.088, Length: 4.096"
"12:27:27,7084662","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 58.368"
"12:27:27,7177388","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,7436492","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 29.184, Length: 4.096"
"12:27:27,7506042","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:27,7509728","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,7512074","svchost.exe","884","RegOpenKey","HKLM\Software\Policies\Microsoft\Power\PowerRequestOverride","NAME NOT FOUND","Desired Access: Query Value"
"12:27:27,7514546","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:27,7516543","svchost.exe","884","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:27,7519295","svchost.exe","884","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,7520919","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","REPARSE","Desired Access: Query Value"
"12:27:27,7523349","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Desired Access: Query Value"
"12:27:27,7529335","svchost.exe","884","RegCloseKey","HKLM","SUCCESS",""
"12:27:27,7531005","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,7532945","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride\Driver","NAME NOT FOUND","Desired Access: Query Value, Set Value"
"12:27:27,7534592","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\Power\PowerRequestOverride","SUCCESS",""
"12:27:27,7610277","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 536, Length: 4.096"
"12:27:27,7735798","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 4.632, Length: 4.096"
"12:27:27,7740668","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 8.728, Length: 4.096"
"12:27:27,7745814","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 12.824, Length: 4.096"
"12:27:27,7749877","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 16.920, Length: 4.096"
"12:27:27,7754243","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 21.016, Length: 4.096"
"12:27:27,7758325","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 27.136, Length: 4.096"
"12:27:27,7761521","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 31.232, Length: 4.096"
"12:27:27,7765873","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 35.328, Length: 4.096"
"12:27:27,7769918","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 39.424, Length: 4.096"
"12:27:27,7773972","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 43.520, Length: 4.096"
"12:27:27,7778329","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 47.616, Length: 4.096"
"12:27:27,7782373","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 51.712, Length: 4.096"
"12:27:27,7991781","SavService.exe","1536","ReadFile","C:\Windows\System32\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,9098053","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:27,9102424","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:27,9104854","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:27,9107233","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:27,9108875","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:27,9110849","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:27,9112864","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:27,9148187","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:27,9153016","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:27,9190485","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 256, Length: 4.096"
"12:27:27,9223098","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,9229167","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.638.230, Length: 16.200"
"12:27:27,9252837","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,9257647","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\difxapi.dll","SUCCESS","Filter: difxapi.dll, 1: difxapi.dll"
"12:27:27,9262428","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:27,9277716","SavService.exe","1536","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,9283678","SavService.exe","1536","QueryDirectory","C:\Windows\System32\difxapi.dll","SUCCESS","Filter: difxapi.dll, 1: difxapi.dll"
"12:27:27,9287713","SavService.exe","1536","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:27,9326959","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,9333019","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:27,9335380","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:27,9341836","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,9345806","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:27,9349440","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:27,9375559","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,9379119","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:27,9380747","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:27,9386779","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,9390371","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:27,9393594","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:27,9406852","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:27,9410472","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:27,9414013","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:27,9425755","dgnsvc.exe","1612","RegQueryKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:27,9428610","dgnsvc.exe","1612","RegOpenKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Acoustic Optimization","SUCCESS","Desired Access: Read/Write"
"12:27:27,9432584","dgnsvc.exe","1612","RegQueryValue","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Acoustic Optimization\HostThreadId","NAME NOT FOUND","Length: 144"
"12:27:27,9435038","dgnsvc.exe","1612","RegCloseKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Acoustic Optimization","SUCCESS",""
"12:27:27,9437795","dgnsvc.exe","1612","RegQueryKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:27,9439442","dgnsvc.exe","1612","RegOpenKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Language Model Optimization","SUCCESS","Desired Access: Read/Write"
"12:27:27,9441854","dgnsvc.exe","1612","RegQueryValue","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Language Model Optimization\HostThreadId","NAME NOT FOUND","Length: 144"
"12:27:27,9443332","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 276.820, Length: 4.096"
"12:27:27,9443841","dgnsvc.exe","1612","RegCloseKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Language Model Optimization","SUCCESS",""
"12:27:27,9446687","dgnsvc.exe","1612","RegQueryKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks","SUCCESS","Query: HandleTags, HandleTags: 0x400"
"12:27:27,9447330","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 274.432, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:27,9448637","dgnsvc.exe","1612","RegOpenKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Data Collection","SUCCESS","Desired Access: Read/Write"
"12:27:27,9450656","dgnsvc.exe","1612","RegQueryValue","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Data Collection\HostThreadId","NAME NOT FOUND","Length: 144"
"12:27:27,9452625","dgnsvc.exe","1612","RegCloseKey","HKLM\System\CurrentControlSet\services\DragonSvc\ScheduledTasks\NatSpeak Periodic Data Collection","SUCCESS",""
"12:27:27,9463630","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 256, Length: 4.096"
"12:27:27,9496952","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,9531781","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 278.534, Length: 4.096"
"12:27:27,9535410","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 282.624, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:27,9562276","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,9571489","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 455.680, Length: 4.096"
"12:27:27,9575497","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 454.656, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:27,9592846","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 449.536, Length: 4.096"
"12:27:27,9597231","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 446.464, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:27,9612266","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:27,9639365","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 453.632, Length: 4.096"
"12:27:27,9692742","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 500.224, Length: 4.096"
"12:27:27,9696348","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 499.712, Length: 4.608, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:27,9722477","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,9725350","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,9727366","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976377, endtime: 976377, seqnum: 0, connid: 0"
"12:27:27,9729138","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,9736574","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 275.456, Length: 4.096"
"12:27:27,9742172","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,9743805","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,9744971","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,9745816","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:27,9747378","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976377, endtime: 976377, seqnum: 0, connid: 0"
"12:27:27,9770484","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 56.320, Length: 4.096"
"12:27:27,9807939","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 3.072, Length: 4.096"
"12:27:27,9852145","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 276.820, Length: 4.096"
"12:27:27,9855732","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:27,9863327","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 456.704, Length: 4.096"
"12:27:27,9870362","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 276.820, Length: 4.096"
"12:27:27,9921598","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.963.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,9924807","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.963.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,9929243","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.963.279, Length: 2.920"
"12:27:27,9932453","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.966.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,9960928","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.966.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,9963270","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.966.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,9964539","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.966.199, Length: 5.840"
"12:27:27,9966946","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.972.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:27,9987281","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 280.916, Length: 4.096"
"12:27:27,9993233","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 285.012, Length: 4.096"
"12:27:27,9996909","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 286.720, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:28,0011805","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 289.108, Length: 4.096"
"12:27:28,0046652","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0049493","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0051508","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976378, endtime: 976378, seqnum: 0, connid: 0"
"12:27:28,0066282","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0067915","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0068774","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0069926","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0071167","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976378, endtime: 976378, seqnum: 0, connid: 0"
"12:27:28,0143134","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.972.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0145961","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.972.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0147607","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.972.039, Length: 2.920"
"12:27:28,0150770","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.974.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0179801","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.974.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0182609","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.974.959, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0184232","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.974.959, Length: 5.840"
"12:27:28,0187400","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.980.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0189182","SavService.exe","1536","ReadFile","C:\Windows\System32\difxapi.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,0433189","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0436418","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976378, endtime: 976378, seqnum: 0, connid: 0"
"12:27:28,0452806","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0454816","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0456020","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0457219","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0458478","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976378, endtime: 976378, seqnum: 0, connid: 0"
"12:27:28,0496573","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.980.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0499750","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.980.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0502133","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.980.799, Length: 1.460"
"12:27:28,0505739","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.982.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0552254","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.982.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0554736","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.982.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0556686","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.982.259, Length: 4.380"
"12:27:28,0559895","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.986.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0590759","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.986.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0594057","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.986.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0596016","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.986.639, Length: 1.460"
"12:27:28,0598797","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.988.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0682478","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:28,0686844","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:28,0689680","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:28,0692083","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:28,0694047","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:28,0695694","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:28,0697713","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:28,0735038","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:28,0743850","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 256, Length: 4.096"
"12:27:28,0747438","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 4.096, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:28,0758167","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0761405","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976378, endtime: 976378, seqnum: 0, connid: 0"
"12:27:28,0777434","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0779421","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0780601","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0781464","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0783041","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976378, endtime: 976379, seqnum: 0, connid: 0"
"12:27:28,0787072","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,0790640","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,0792301","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976379, endtime: 976379, seqnum: 0, connid: 0"
"12:27:28,0794321","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.092.290, Length: 16.200"
"12:27:28,0797922","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.088.960, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:28,0820384","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:28,0826435","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:28,0830461","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 8.192, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:28,0845277","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:28,0851686","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:28,0857252","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:28,0862519","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:28,0867753","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:28,0868331","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.988.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0871499","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.988.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0873136","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.988.099, Length: 7.300"
"12:27:28,0873351","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:28,0876728","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.995.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0878575","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:28,0883777","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:28,0889006","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:28,0894227","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:28,0899447","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:28,0904653","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:28,0909868","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:28,0915093","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:28,0921111","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:28,0926331","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:28,0931868","SavService.exe","1536","ReadFile","C:\Windows\System32\imagehlp.dll","SUCCESS","Offset: 77.824, Length: 3.584"
"12:27:28,0940774","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.829.850, Length: 16.200"
"12:27:28,0968288","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.995.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0971899","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.995.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,0974334","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.995.399, Length: 1.460"
"12:27:28,0977492","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.996.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,1134231","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1137819","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976379, endtime: 976379, seqnum: 0, connid: 0"
"12:27:28,1153064","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1154678","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1155537","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1156698","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1157948","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976379, endtime: 976379, seqnum: 0, connid: 0"
"12:27:28,1250502","sua.exe","2440","Thread Create","","SUCCESS","Thread ID: 9964"
"12:27:28,1590571","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1593720","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1594965","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1596155","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1597317","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1599738","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1601002","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976379, endtime: 976379, seqnum: 0, connid: 0"
"12:27:28,1603269","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.996.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,1606516","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 408.996.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,1609254","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 408.996.859, Length: 7.300"
"12:27:28,1613653","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 409.004.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,1670370","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:56848 -> minnetonka.rhrk.uni-kl.de:domain","SUCCESS","Length: 46, seqnum: 0, connid: 0"
"12:27:28,1692436","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:63921 -> minnetonka.rhrk.uni-kl.de:domain","SUCCESS","Length: 45, seqnum: 0, connid: 0"
"12:27:28,1721014","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:56848 -> minnetonka.rhrk.uni-kl.de:domain","SUCCESS","Length: 365, seqnum: 0, connid: 0"
"12:27:28,1724596","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:63921 -> minnetonka.rhrk.uni-kl.de:domain","SUCCESS","Length: 364, seqnum: 0, connid: 0"
"12:27:28,1869631","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1872449","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1873694","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:27:28,1875663","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 976380, endtime: 976380, seqnum: 0, connid: 0"
"12:27:28,1899986","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1902431","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1904026","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1905612","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1907194","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,1910002","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:27:28,1911663","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 976380, endtime: 976380, seqnum: 0, connid: 0"
"12:27:28,1956741","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 409.004.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,1960305","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.010.176, EndOfFile: 409.004.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,1964340","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.004.159, Length: 8.760, Priority: Normal"
"12:27:28,1983154","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.012.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2053432","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.012.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2058690","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.012.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2060784","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.012.919, Length: 7.852"
"12:27:28,2063956","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.020.771, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2083955","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.020.771, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2086698","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.020.771, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2088326","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.020.771, Length: 3.828"
"12:27:28,2091536","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.024.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2191409","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,2194180","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,2196181","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976380, endtime: 976380, seqnum: 0, connid: 0"
"12:27:28,2208287","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,2210232","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,2211426","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,2212691","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976380, endtime: 976380, seqnum: 0, connid: 0"
"12:27:28,2270443","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.024.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2275463","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.024.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2277483","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.024.599, Length: 2.920"
"12:27:28,2283687","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.027.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2363487","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.027.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2366276","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.027.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2368236","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.027.519, Length: 4.380"
"12:27:28,2371497","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.031.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2513481","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,2516303","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,2518346","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976380, endtime: 976380, seqnum: 0, connid: 0"
"12:27:28,2531903","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:28,2535135","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976380, endtime: 976380, seqnum: 0, connid: 0"
"12:27:28,2653934","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.031.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2657148","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.031.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2659556","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.031.899, Length: 2.920"
"12:27:28,2663568","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.034.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2685684","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.034.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2690876","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.034.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,2693717","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.034.819, Length: 1.460"
"12:27:28,2697711","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.036.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:28,4345398","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:28,4349783","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:28,4352218","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:28,4355040","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:28,4357004","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:28,4358646","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:28,4360662","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:28,4402763","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:28,4411986","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 232, Length: 4.096"
"12:27:28,4415573","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 4.096, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:28,4445075","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,4451499","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.242.976, Length: 16.200"
"12:27:28,4463152","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:28,4468745","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:28,4472020","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 8.192, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:28,4486579","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:28,4497551","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:28,4503583","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:28,4509149","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:28,4514369","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:28,4520783","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:28,4526055","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:28,4531256","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:28,4536457","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:28,4541654","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:28,4546851","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:28,4551735","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:28,4557315","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:28,4562535","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:28,4567741","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:28,4572947","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:28,4578135","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:28,4583024","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:28,4588216","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:28,4593412","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:28,4598600","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:28,4603480","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:28,4608672","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:28,4613868","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:28,4622158","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:28,4634875","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:28,4636209","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:28,4637347","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:28,4641821","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:28,4645021","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:28,4646878","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:28,4648632","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:28,4653269","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:28,4658522","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:28,4663742","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:28,4668953","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:28,4674164","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:28,4679370","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:28,4684567","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:28,4689455","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:28,4694652","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:28,4699858","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:28,4705055","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:28,4710271","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:28,4715468","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:28,4722754","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:28,4728287","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:28,4733181","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:28,4738387","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:28,4743957","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:28,4749186","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:28,4754397","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:28,4760065","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:28,4765271","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:28,4770473","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:28,4775683","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:28,4780880","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 221.184, Length: 3.072"
"12:27:28,4788918","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.848.966, Length: 16.200"
"12:27:28,4795318","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,4816959","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:28,4824209","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 232, Length: 4.096"
"12:27:28,4854340","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,4877166","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:28,4893629","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,4898023","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 161.792, Length: 4.096"
"12:27:28,4911314","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 165.888, Length: 4.096"
"12:27:28,4933724","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 190.464, Length: 4.096"
"12:27:28,4938198","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 194.560, Length: 4.096"
"12:27:28,4941375","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:28,4955846","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:28,5008369","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:28,5037880","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 221.184, Length: 3.072"
"12:27:28,5050307","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,5075629","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 107.520, Length: 4.096"
"12:27:28,5135014","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 1.824, Length: 4.096"
"12:27:28,5137781","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,5145039","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 207.872, Length: 4.096"
"12:27:28,5148981","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 1.824, Length: 4.096"
"12:27:28,5238484","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 5.920, Length: 4.096"
"12:27:28,5243270","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 10.016, Length: 4.096"
"12:27:28,5247319","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 14.112, Length: 4.096"
"12:27:28,5266581","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 52.224, Length: 4.096"
"12:27:28,5402617","SavService.exe","1536","ReadFile","C:\Windows\System32\wintrust.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,5541466","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Graf_Fenryl-PC:58295","SUCCESS","Length: 22, seqnum: 0, connid: 0"
"12:27:28,5546295","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes079.wohnheim.uni-kl.de:55867","SUCCESS","Length: 22, seqnum: 0, connid: 0"
"12:27:28,6052522","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:28,6056874","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:28,6059319","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:28,6061754","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:28,6063713","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:28,6065360","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:28,6067688","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:28,6102232","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:28,6110671","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:27:28,6114272","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 4.096, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:28,6161277","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,6167271","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 279.024, Length: 16.200"
"12:27:28,6176923","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:28,6182493","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:28,6185740","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 8.192, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:28,6200267","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:28,6212475","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:28,6219263","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:28,6224907","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:28,6230123","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:28,6235320","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:28,6240526","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:28,6245732","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:28,6250933","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:28,6256135","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:28,6261019","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:28,6266221","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:28,6271781","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:28,6276992","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:28,6281876","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:28,6287068","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:28,6292270","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:28,6297467","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:28,6302659","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:28,6307548","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:28,6312749","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:28,6318324","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:28,6323567","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:28,6328774","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:28,6333980","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:28,6339177","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:28,6344061","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:28,6349258","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:28,6354459","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:28,6359661","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:28,6364843","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:28,6369723","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:28,6374924","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:28,6380121","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:28,6385304","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:28,6390188","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:28,6395385","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:28,6400582","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:28,6405765","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:28,6410649","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:28,6415850","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:28,6422652","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:28,6427868","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:28,6433074","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:28,6438317","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:28,6443533","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:28,6448739","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:28,6453950","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:28,6459156","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:28,6464362","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:28,6469554","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:28,6474438","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:28,6479649","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:28,6484846","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:28,6490043","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:28,6494922","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:28,6500114","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:28,6505311","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:28,6510517","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:28,6516148","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:28,6522595","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:28,6527815","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:28,6533007","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:28,6536301","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Graf_Fenryl-PC:58295","SUCCESS","Length: 22, seqnum: 0, connid: 0"
"12:27:28,6538209","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:28,6540728","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes079.wohnheim.uni-kl.de:55867","SUCCESS","Length: 22, seqnum: 0, connid: 0"
"12:27:28,6543415","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:28,6548612","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:28,6553491","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:28,6558683","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:28,6563876","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:28,6569068","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:28,6573947","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:28,6579139","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:28,6584336","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:28,6589524","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:28,6594408","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:28,6599600","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:28,6604830","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:28,6610054","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:28,6615247","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:28,6620873","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:28,6626424","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:28,6631317","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:28,6636510","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:28,6642145","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:28,6647342","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:28,6652543","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:28,6657731","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:28,6662615","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 368.640, Length: 4.096"
"12:27:28,6667812","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 372.736, Length: 4.096"
"12:27:28,6673018","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 376.832, Length: 4.096"
"12:27:28,6678224","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 380.928, Length: 4.096"
"12:27:28,6683421","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 385.024, Length: 4.096"
"12:27:28,6688300","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 389.120, Length: 4.096"
"12:27:28,6693488","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 393.216, Length: 4.096"
"12:27:28,6698685","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 397.312, Length: 4.096"
"12:27:28,6703882","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 401.408, Length: 4.096"
"12:27:28,6708752","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 405.504, Length: 4.096"
"12:27:28,6713939","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 409.600, Length: 4.096"
"12:27:28,6719575","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 413.696, Length: 4.096"
"12:27:28,6724795","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 417.792, Length: 4.096"
"12:27:28,6729987","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 421.888, Length: 4.096"
"12:27:28,6735193","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 425.984, Length: 4.096"
"12:27:28,6740404","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 430.080, Length: 4.096"
"12:27:28,6745601","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 434.176, Length: 4.096"
"12:27:28,6750476","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 438.272, Length: 4.096"
"12:27:28,6755668","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 442.368, Length: 4.096"
"12:27:28,6764093","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 446.464, Length: 4.096"
"12:27:28,6769719","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 450.560, Length: 4.096"
"12:27:28,6774957","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 454.656, Length: 4.096"
"12:27:28,6780485","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 458.752, Length: 4.096"
"12:27:28,6785379","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 462.848, Length: 4.096"
"12:27:28,6791332","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 466.944, Length: 4.096"
"12:27:28,6796221","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 471.040, Length: 4.096"
"12:27:28,6801417","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 475.136, Length: 4.096"
"12:27:28,6806614","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 479.232, Length: 4.096"
"12:27:28,6811825","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 483.328, Length: 4.096"
"12:27:28,6817022","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 487.424, Length: 4.096"
"12:27:28,6822289","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 491.520, Length: 4.096"
"12:27:28,6827485","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 495.616, Length: 4.096"
"12:27:28,6832682","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 499.712, Length: 4.096"
"12:27:28,6837884","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 503.808, Length: 4.096"
"12:27:28,6843071","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 507.904, Length: 4.096"
"12:27:28,6847955","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 512.000, Length: 4.096"
"12:27:28,6853148","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 516.096, Length: 4.096"
"12:27:28,6858344","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 520.192, Length: 4.096"
"12:27:28,6863532","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 524.288, Length: 4.096"
"12:27:28,6868416","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 528.384, Length: 4.096"
"12:27:28,6873608","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 532.480, Length: 4.096"
"12:27:28,6878805","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 536.576, Length: 4.096"
"12:27:28,6883992","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 540.672, Length: 4.096"
"12:27:28,6888877","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 544.768, Length: 4.096"
"12:27:28,6894074","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 548.864, Length: 4.096"
"12:27:28,6899280","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 552.960, Length: 4.096"
"12:27:28,6904476","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 557.056, Length: 4.096"
"12:27:28,6909351","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 561.152, Length: 4.096"
"12:27:28,6914544","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 565.248, Length: 4.096"
"12:27:28,6920170","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 569.344, Length: 4.096"
"12:27:28,6925371","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 573.440, Length: 4.096"
"12:27:28,6930577","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 577.536, Length: 4.096"
"12:27:28,6935774","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 581.632, Length: 4.096"
"12:27:28,6941003","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 585.728, Length: 4.096"
"12:27:28,6946219","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 589.824, Length: 4.096"
"12:27:28,6951420","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 593.920, Length: 4.096"
"12:27:28,6957023","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 598.016, Length: 4.096"
"12:27:28,6962239","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 602.112, Length: 4.096"
"12:27:28,6967123","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 606.208, Length: 4.096"
"12:27:28,6972310","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 610.304, Length: 4.096"
"12:27:28,6977512","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 614.400, Length: 4.096"
"12:27:28,6982709","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 618.496, Length: 4.096"
"12:27:28,6987583","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 622.592, Length: 4.096"
"12:27:28,6992771","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 626.688, Length: 4.096"
"12:27:28,6997972","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 630.784, Length: 4.096"
"12:27:28,7003174","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 634.880, Length: 4.096"
"12:27:28,7008053","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 638.976, Length: 4.096"
"12:27:28,7013246","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 643.072, Length: 4.096"
"12:27:28,7020085","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 647.168, Length: 4.096"
"12:27:28,7025664","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 651.264, Length: 4.096"
"12:27:28,7030875","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 655.360, Length: 4.096"
"12:27:28,7036081","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 659.456, Length: 4.096"
"12:27:28,7041278","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 663.552, Length: 4.096"
"12:27:28,7046162","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 667.648, Length: 4.096"
"12:27:28,7051354","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 671.744, Length: 4.096"
"12:27:28,7056551","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 675.840, Length: 4.096"
"12:27:28,7061748","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 679.936, Length: 4.096"
"12:27:28,7066627","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 684.032, Length: 4.096"
"12:27:28,7071819","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 688.128, Length: 4.096"
"12:27:28,7077016","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 692.224, Length: 4.096"
"12:27:28,7082227","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 696.320, Length: 4.096"
"12:27:28,7087424","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 700.416, Length: 4.096"
"12:27:28,7092299","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 704.512, Length: 4.096"
"12:27:28,7097491","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 708.608, Length: 4.096"
"12:27:28,7102688","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 712.704, Length: 4.096"
"12:27:28,7107917","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 716.800, Length: 4.096"
"12:27:28,7113137","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 720.896, Length: 4.096"
"12:27:28,7118707","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 724.992, Length: 4.096"
"12:27:28,7123960","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 729.088, Length: 4.096"
"12:27:28,7132810","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 733.184, Length: 4.096"
"12:27:28,7139229","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 737.280, Length: 4.096"
"12:27:28,7144817","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 741.376, Length: 4.096"
"12:27:28,7150047","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 745.472, Length: 4.096"
"12:27:28,7155262","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 749.568, Length: 4.096"
"12:27:28,7160478","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 753.664, Length: 4.096"
"12:27:28,7165702","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 757.760, Length: 4.096"
"12:27:28,7170904","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 761.856, Length: 4.096"
"12:27:28,7176101","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 765.952, Length: 4.096"
"12:27:28,7180999","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 770.048, Length: 4.096"
"12:27:28,7186196","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 774.144, Length: 4.096"
"12:27:28,7191407","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 778.240, Length: 4.096"
"12:27:28,7196613","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 782.336, Length: 4.096"
"12:27:28,7201819","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 786.432, Length: 4.096"
"12:27:28,7207034","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 790.528, Length: 4.096"
"12:27:28,7212250","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 794.624, Length: 4.096"
"12:27:28,7217852","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 798.720, Length: 4.096"
"12:27:28,7224309","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 802.816, Length: 4.096"
"12:27:28,7229524","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 806.912, Length: 4.096"
"12:27:28,7236573","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 811.008, Length: 4.096"
"12:27:28,7245045","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 815.104, Length: 4.096"
"12:27:28,7252649","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 819.200, Length: 4.096"
"12:27:28,7258275","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 823.296, Length: 4.096"
"12:27:28,7265090","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 827.392, Length: 4.096"
"12:27:28,7273091","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 831.488, Length: 4.096"
"12:27:28,7279505","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 835.584, Length: 4.096"
"12:27:28,7285122","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 839.680, Length: 4.096"
"12:27:28,7290389","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 843.776, Length: 4.096"
"12:27:28,7295987","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 847.872, Length: 4.096"
"12:27:28,7301221","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 851.968, Length: 4.096"
"12:27:28,7306436","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 856.064, Length: 4.096"
"12:27:28,7312039","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 860.160, Length: 4.096"
"12:27:28,7317683","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 864.256, Length: 4.096"
"12:27:28,7324098","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 868.352, Length: 4.096"
"12:27:28,7329631","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 872.448, Length: 4.096"
"12:27:28,7334533","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 876.544, Length: 4.096"
"12:27:28,7339730","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 880.640, Length: 4.096"
"12:27:28,7344936","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 884.736, Length: 4.096"
"12:27:28,7350138","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 888.832, Length: 4.096"
"12:27:28,7361413","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 892.928, Length: 4.096"
"12:27:28,7368663","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 897.024, Length: 4.096"
"12:27:28,7374251","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 901.120, Length: 4.096"
"12:27:28,7379485","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 905.216, Length: 4.096"
"12:27:28,7395463","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 909.312, Length: 4.096"
"12:27:28,7405143","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 913.408, Length: 4.096"
"12:27:28,7411231","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 917.504, Length: 4.096"
"12:27:28,7416801","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 921.600, Length: 4.096"
"12:27:28,7427092","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 925.696, Length: 4.096"
"12:27:28,7433445","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 929.792, Length: 4.096"
"12:27:28,7438694","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 933.888, Length: 4.096"
"12:27:28,7443914","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 937.984, Length: 4.096"
"12:27:28,7449129","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 942.080, Length: 4.096"
"12:27:28,7454331","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 946.176, Length: 4.096"
"12:27:28,7460722","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 950.272, Length: 4.096"
"12:27:28,7469147","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 954.368, Length: 4.096"
"12:27:28,7474782","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 958.464, Length: 4.096"
"12:27:28,7480786","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 962.560, Length: 4.096"
"12:27:28,7489164","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 966.656, Length: 4.096"
"12:27:28,7494403","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 970.752, Length: 4.096"
"12:27:28,7507241","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 974.848, Length: 4.096"
"12:27:28,7515633","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 978.944, Length: 4.096"
"12:27:28,7522402","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 983.040, Length: 4.096"
"12:27:28,7527986","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 987.136, Length: 4.096"
"12:27:28,7533230","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 991.232, Length: 4.096"
"12:27:28,7538431","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 995.328, Length: 4.096"
"12:27:28,7543320","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 999.424, Length: 4.096"
"12:27:28,7548526","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.003.520, Length: 4.096"
"12:27:28,7553737","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.007.616, Length: 4.096"
"12:27:28,7558943","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.011.712, Length: 4.096"
"12:27:28,7564149","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.015.808, Length: 4.096"
"12:27:28,7572892","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.019.904, Length: 4.096"
"12:27:28,7580127","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.024.000, Length: 4.096"
"12:27:28,7585706","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.028.096, Length: 4.096"
"12:27:28,7591384","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.032.192, Length: 4.096"
"12:27:28,7596599","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.036.288, Length: 4.096"
"12:27:28,7602244","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.040.384, Length: 4.096"
"12:27:28,7607455","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.044.480, Length: 4.096"
"12:27:28,7613407","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.048.576, Length: 4.096"
"12:27:28,7638346","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.052.672, Length: 4.096"
"12:27:28,7643935","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.056.768, Length: 4.096"
"12:27:28,7649141","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.060.864, Length: 4.096"
"12:27:28,7654352","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.064.960, Length: 4.096"
"12:27:28,7659544","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.069.056, Length: 4.096"
"12:27:28,7664783","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.073.152, Length: 4.096"
"12:27:28,7670022","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.077.248, Length: 4.096"
"12:27:28,7675228","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.081.344, Length: 4.096"
"12:27:28,7680429","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.085.440, Length: 4.096"
"12:27:28,7685626","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.089.536, Length: 4.096"
"12:27:28,7690823","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.093.632, Length: 4.096"
"12:27:28,7696491","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.097.728, Length: 4.096"
"12:27:28,7701702","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.101.824, Length: 4.096"
"12:27:28,7707342","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.105.920, Length: 4.096"
"12:27:28,7712912","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.110.016, Length: 4.096"
"12:27:28,7720548","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.114.112, Length: 4.096"
"12:27:28,7730848","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.118.208, Length: 4.096"
"12:27:28,7737277","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.122.304, Length: 4.096"
"12:27:28,7742838","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.126.400, Length: 4.096"
"12:27:28,7747740","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.130.496, Length: 4.096"
"12:27:28,7752937","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.134.592, Length: 4.096"
"12:27:28,7758143","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.138.688, Length: 4.096"
"12:27:28,7763345","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.142.784, Length: 4.096"
"12:27:28,7768556","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.146.880, Length: 4.096"
"12:27:28,7773752","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.150.976, Length: 4.096"
"12:27:28,7778945","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.155.072, Length: 4.096"
"12:27:28,7783829","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.159.168, Length: 4.096"
"12:27:28,7789030","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.163.264, Length: 4.096"
"12:27:28,7794227","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.167.360, Length: 4.096"
"12:27:28,7799424","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.171.456, Length: 4.096"
"12:27:28,7804308","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.175.552, Length: 4.096"
"12:27:28,7809510","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.179.648, Length: 4.096"
"12:27:28,7814707","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.183.744, Length: 4.096"
"12:27:28,7821135","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.187.840, Length: 4.096"
"12:27:28,7826355","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.191.936, Length: 4.096"
"12:27:28,7831556","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.196.032, Length: 4.096"
"12:27:28,7836763","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.200.128, Length: 4.096"
"12:27:28,7841959","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.204.224, Length: 4.096"
"12:27:28,7847156","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.208.320, Length: 4.096"
"12:27:28,7852045","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.212.416, Length: 4.096"
"12:27:28,7857247","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.216.512, Length: 4.096"
"12:27:28,7862443","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.220.608, Length: 4.096"
"12:27:28,7867654","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.224.704, Length: 4.096"
"12:27:28,7872860","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.228.800, Length: 4.096"
"12:27:28,7878053","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.232.896, Length: 4.096"
"12:27:28,7882932","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.236.992, Length: 4.096"
"12:27:28,7889300","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.241.088, Length: 4.096"
"12:27:28,7894534","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.245.184, Length: 4.096"
"12:27:28,7899749","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.249.280, Length: 4.096"
"12:27:28,7904946","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.253.376, Length: 4.096"
"12:27:28,7910148","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.257.472, Length: 4.096"
"12:27:28,7915027","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.261.568, Length: 4.096"
"12:27:28,7921050","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.265.664, Length: 4.096"
"12:27:28,7926261","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.269.760, Length: 4.096"
"12:27:28,7931453","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.273.856, Length: 4.096"
"12:27:28,7936650","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.277.952, Length: 4.096"
"12:27:28,7941851","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.282.048, Length: 4.096"
"12:27:28,7946726","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.286.144, Length: 4.096"
"12:27:28,7951923","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.290.240, Length: 4.096"
"12:27:28,7957120","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.294.336, Length: 4.096"
"12:27:28,7962312","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.298.432, Length: 4.096"
"12:27:28,7967191","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.302.528, Length: 4.096"
"12:27:28,7972383","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.306.624, Length: 4.096"
"12:27:28,7977576","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.310.720, Length: 4.096"
"12:27:28,7982777","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.314.816, Length: 4.096"
"12:27:28,7987969","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.318.912, Length: 4.096"
"12:27:28,7992858","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.323.008, Length: 4.096"
"12:27:28,7998055","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.327.104, Length: 4.096"
"12:27:28,8003252","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.331.200, Length: 4.096"
"12:27:28,8008439","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.335.296, Length: 4.096"
"12:27:28,8013319","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.339.392, Length: 4.096"
"12:27:28,8020503","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.343.488, Length: 4.096"
"12:27:28,8025765","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.347.584, Length: 4.096"
"12:27:28,8030967","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.351.680, Length: 4.096"
"12:27:28,8036163","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.355.776, Length: 4.096"
"12:27:28,8041365","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.359.872, Length: 4.096"
"12:27:28,8046552","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.363.968, Length: 4.096"
"12:27:28,8051432","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.368.064, Length: 4.096"
"12:27:28,8056661","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.372.160, Length: 4.096"
"12:27:28,8061849","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.376.256, Length: 4.096"
"12:27:28,8067041","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.380.352, Length: 4.096"
"12:27:28,8072224","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.384.448, Length: 4.096"
"12:27:28,8077099","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.388.544, Length: 4.096"
"12:27:28,8082291","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.392.640, Length: 4.096"
"12:27:28,8087469","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.396.736, Length: 4.096"
"12:27:28,8092353","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.400.832, Length: 4.096"
"12:27:28,8097545","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.404.928, Length: 4.096"
"12:27:28,8102747","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.409.024, Length: 4.096"
"12:27:28,8107930","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.413.120, Length: 4.096"
"12:27:28,8112809","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.417.216, Length: 4.096"
"12:27:28,8118048","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.421.312, Length: 4.096"
"12:27:28,8123599","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.425.408, Length: 4.096"
"12:27:28,8128792","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.429.504, Length: 4.096"
"12:27:28,8133676","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.433.600, Length: 4.096"
"12:27:28,8138868","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.437.696, Length: 4.096"
"12:27:28,8144051","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.441.792, Length: 4.096"
"12:27:28,8148930","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.445.888, Length: 4.096"
"12:27:28,8154123","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.449.984, Length: 4.096"
"12:27:28,8159319","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.454.080, Length: 4.096"
"12:27:28,8164507","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.458.176, Length: 4.096"
"12:27:28,8169377","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.462.272, Length: 4.096"
"12:27:28,8174574","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.466.368, Length: 4.096"
"12:27:28,8179775","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.470.464, Length: 2.048"
"12:27:28,8187015","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.670.442, Length: 16.200"
"12:27:28,8207089","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,8214324","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:28,8222292","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:27:28,8266876","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,8309794","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 856.064, Length: 4.096"
"12:27:28,8315410","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 860.160, Length: 4.096"
"12:27:28,8346857","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 864.256, Length: 4.096"
"12:27:28,8383706","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 987.136, Length: 4.096"
"12:27:28,8389742","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 991.232, Length: 4.096"
"12:27:28,8392989","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 854.016, Length: 4.096"
"12:27:28,8421054","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 993.280, Length: 4.096"
"12:27:28,8474039","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 997.376, Length: 4.096"
"12:27:28,8488412","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.078.784, Length: 4.096"
"12:27:28,8492083","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.084.928, Length: 4.096"
"12:27:28,8495652","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.394.176, Length: 4.096"
"12:27:28,8498917","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.170.944, Length: 4.096"
"12:27:28,8508891","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,8533812","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 181.248, Length: 4.096"
"12:27:28,8589950","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.216, Length: 4.096"
"12:27:28,8592367","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,8599621","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.024.512, Length: 4.096"
"12:27:28,8603619","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.216, Length: 4.096"
"12:27:28,8660429","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 1.026.560, Length: 4.096"
"12:27:28,8717011","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 3.072, Length: 4.096"
"12:27:28,8722287","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 7.168, Length: 4.096"
"12:27:28,8727092","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 11.264, Length: 4.096"
"12:27:28,8745481","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 220.160, Length: 4.096"
"12:27:28,8887516","SavService.exe","1536","ReadFile","C:\Windows\System32\crypt32.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,9561637","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:28,9565672","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:28,9568434","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:28,9570832","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:28,9572478","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:28,9574447","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:28,9576458","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:28,9608931","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:28,9619002","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 224, Length: 4.096"
"12:27:28,9622590","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 4.096, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:28,9671507","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:28,9677945","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.619.276, Length: 16.200"
"12:27:28,9687984","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:28,9693558","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:28,9697192","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 8.192, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:28,9713343","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:28,9720228","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:28,9725817","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:28,9731042","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:28,9736252","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:28,9741463","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:28,9746665","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:28,9751852","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:28,9756755","SavService.exe","1536","ReadFile","C:\Windows\System32\msasn1.dll","SUCCESS","Offset: 45.056, Length: 1.536"
"12:27:28,9762717","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.738.670, Length: 16.200"
"12:27:29,0215152","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0218679","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0220722","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976388, endtime: 976388, seqnum: 0, connid: 0"
"12:27:29,0238747","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0240399","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0241574","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0242419","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0243580","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0244831","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976388, endtime: 976388, seqnum: 0, connid: 0"
"12:27:29,0309348","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.036.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,0312515","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.036.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,0314167","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.036.279, Length: 2.920"
"12:27:29,0320156","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.039.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,0360639","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.039.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,0364315","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.039.199, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,0366307","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.039.199, Length: 7.300"
"12:27:29,0369521","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.046.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,0538427","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0541245","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0543265","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976388, endtime: 976388, seqnum: 0, connid: 0"
"12:27:29,0560880","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0562512","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0563361","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0564523","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0565367","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0567364","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0568572","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976388, endtime: 976388, seqnum: 0, connid: 0"
"12:27:29,0724430","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,0732001","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:29,0735206","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:29,0753325","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:29,0787818","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,0794214","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:27, FileAttributes: ANCI"
"12:27:29,0796234","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:29,0803030","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,0808656","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:29,0812678","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,0834263","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,0839935","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:29,0846280","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,0861562","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,0867179","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:29,0867347","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0870141","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0870757","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,0871377","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0873355","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976389, endtime: 976389, seqnum: 0, connid: 0"
"12:27:29,0888218","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0889622","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,0890173","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,0891759","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976389, endtime: 976389, seqnum: 0, connid: 0"
"12:27:29,0894478","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:29,0898038","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,0922972","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,0927787","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:27, FileAttributes: ANCI"
"12:27:29,0929774","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:29,0969114","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,0974376","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:27, LastWriteTime: 06.10.2013 12:27:27, ChangeTime: 06.10.2013 12:27:27, FileAttributes: DNCI"
"12:27:29,0976736","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:29,0999991","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1004069","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:29,1006028","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:29,1031746","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1036136","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,1038100","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,1063375","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1067433","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,1069388","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:29,1092316","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1096352","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:29,1098297","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:29,1120409","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1125214","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:29,1127164","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:29,1157659","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1163276","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:29,1165314","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,1190193","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1194583","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:29,1196547","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,1220231","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1224686","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:29,1226692","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:29,1233069","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1233111","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1236255","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1237487","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1238662","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1239516","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1242711","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1243476","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,1243924","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1251542","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1258306","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:29,1260345","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,1286408","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1290542","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 3472, seqnum: 0, connid: 0"
"12:27:29,1291768","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 3828, seqnum: 0, connid: 0"
"12:27:29,1292841","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:29,1294595","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1295640","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:29,1296947","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 17520, startime: 976389, endtime: 976389, seqnum: 0, connid: 0"
"12:27:29,1307853","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:29,1316670","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:27, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7900000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:29,1322259","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:29,1333530","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1339496","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:29,1344338","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:29,1360419","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:29,1404764","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1411934","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:27, FileAttributes: ANCI"
"12:27:29,1414766","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:29,1424366","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1430450","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:29,1436015","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,1455342","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1461705","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:29,1466510","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,1485413","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1491827","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:29,1496249","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,1515497","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1527873","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:29,1533252","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1535062","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,1536466","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976389, endtime: 976389, seqnum: 0, connid: 0"
"12:27:29,1554123","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1556120","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1557310","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1558177","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1559344","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1560911","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976389, endtime: 976389, seqnum: 0, connid: 0"
"12:27:29,1564727","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1569966","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:27, FileAttributes: ANCI"
"12:27:29,1571920","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:29,1595231","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1600069","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:27, LastWriteTime: 06.10.2013 12:27:27, ChangeTime: 06.10.2013 12:27:27, FileAttributes: DNCI"
"12:27:29,1602080","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:29,1625768","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1630149","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:29,1631782","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:29,1666158","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1671019","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,1673011","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,1696299","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1700702","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,1702671","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:29,1727134","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1731179","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:29,1733166","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:29,1766670","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1772739","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:29,1775566","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:29,1806453","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1812457","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:29,1815228","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,1847846","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1855926","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:29,1858337","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,1886015","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1890437","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:29,1892396","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:29,1898428","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1902883","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,1910058","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1915656","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:29,1918492","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,1933323","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,1935851","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1938603","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1939331","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:29,1941122","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976390, endtime: 976390, seqnum: 0, connid: 0"
"12:27:29,1941785","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:29,1949016","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:29,1951418","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:27, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7900000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:29,1953821","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:29,1963552","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1965959","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1967587","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1969187","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1970792","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1973623","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,1976021","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976390, endtime: 976390, seqnum: 0, connid: 0"
"12:27:29,1980663","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:27:29,2010412","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2015175","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:27, FileAttributes: ANCI"
"12:27:29,2017195","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:29,2023581","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2027672","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:29,2031623","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,2044517","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2048889","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:29,2052112","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,2064950","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2069321","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:29,2072186","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,2085835","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2090216","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:29,2093407","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,2118299","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2123113","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:27, FileAttributes: ANCI"
"12:27:29,2124755","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:29,2148790","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2152843","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:27, LastWriteTime: 06.10.2013 12:27:27, ChangeTime: 06.10.2013 12:27:27, FileAttributes: DNCI"
"12:27:29,2154779","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:29,2177661","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2181682","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:29,2183301","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:29,2205320","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2209010","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,2210941","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,2232260","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2236268","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,2237891","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:29,2260334","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2264314","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:29,2265928","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:29,2287219","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2291221","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:29,2292854","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:29,2314887","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2318894","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:29,2320503","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,2333136","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,2336672","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976390, endtime: 976390, seqnum: 0, connid: 0"
"12:27:29,2351983","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2355822","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,2358271","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,2359232","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:29,2359834","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,2361024","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:29,2361621","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,2362642","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976390, endtime: 976390, seqnum: 0, connid: 0"
"12:27:29,2394733","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2399571","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:29,2401558","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:29,2407636","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2412413","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,2420064","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2426068","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:29,2428083","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,2444107","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2449687","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:27, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:29,2453321","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:29,2455751","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:29,2464848","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,2468664","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:29,2475461","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:29,2743124","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:29,2783771","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2788571","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:27, LastWriteTime: 06.10.2013 12:27:27, ChangeTime: 06.10.2013 12:27:27, FileAttributes: DNCI"
"12:27:29,2790563","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:29,2796585","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2801031","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:29,2805034","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,2819434","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2823876","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:29,2827136","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,2840296","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2844346","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:29,2847522","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,2860398","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2864792","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:29,2867652","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,2891653","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2895684","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:27, LastWriteTime: 06.10.2013 12:27:27, ChangeTime: 06.10.2013 12:27:27, FileAttributes: DNCI"
"12:27:29,2897307","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:29,2918925","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2922974","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:27, LastWriteTime: 06.10.2013 12:27:27, ChangeTime: 06.10.2013 12:27:27, FileAttributes: DNCI"
"12:27:29,2924602","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:29,2945431","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2949462","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:29,2951090","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:29,2972293","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,2975969","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,2977909","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,2999182","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3003221","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,3004845","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:29,3028459","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3032485","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:29,3038965","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:29,3061380","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3065448","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:29,3067407","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:29,3089057","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3092724","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:29,3094683","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,3115956","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3120374","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:29,3122002","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,3145677","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3150034","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:29,3151666","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:29,3158459","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3162895","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,3169743","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3176116","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:29,3178126","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,3192201","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3197771","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:27:29,3200220","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:27:29,3209298","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:27:29,3215731","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:27:29,3221315","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:27:29,3224161","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:29,3234120","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3240572","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:29,3243021","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:29,3262241","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:29,3279884","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:29,3321738","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3326613","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:29,3328619","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:29,3335029","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3339811","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:29,3343822","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,3357859","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3362291","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:29,3365860","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,3379897","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3384315","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:29,3387193","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,3400423","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3404813","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:29,3407985","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,3432485","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3436516","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:29,3438466","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:29,3459780","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3463825","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:29,3465784","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:29,3487029","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3490709","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,3492645","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,3502913","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:29,3508105","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,3511650","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:29,3513964","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3514893","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:29,3519278","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:29,3520803","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,3522753","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:29,3523266","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:29,3526093","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:29,3544394","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3548075","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:29,3550001","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:29,3565792","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:29,3570150","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3570630","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:29,3574147","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:29,3575762","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:29,3596591","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3601036","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:29,3602977","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,3605048","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 216, Length: 4.096"
"12:27:29,3624665","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3628667","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:29,3630281","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,3637209","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:29,3643264","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 444.264, Length: 16.200"
"12:27:29,3651913","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3652935","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:29,3655603","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:29,3657534","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:29,3658528","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:29,3663151","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3664126","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:29,3667237","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,3670288","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:29,3674020","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3679068","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:29,3680001","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:29,3682002","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,3684727","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:29,3690292","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:29,3694906","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3695531","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:29,3700121","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:27:29,3700765","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:29,3702892","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:27:29,3705990","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:29,3711527","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:29,3711620","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:27:29,3716784","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:29,3718011","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:29,3723591","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:29,3728815","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:29,3734395","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:29,3739652","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:29,3741332","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:27:29,3744868","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:29,3750079","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:29,3755280","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:29,3760164","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:29,3765366","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:29,3770563","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:29,3775769","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:29,3780975","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:29,3786172","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:29,3791368","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:29,3796257","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:29,3801459","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:29,3806670","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:29,3811880","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:29,3817506","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:29,3823100","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:29,3828320","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:29,3831977","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:29,3833545","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:29,3838756","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:29,3843966","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:29,3849186","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:29,3854397","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:29,3856025","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3859613","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:29,3860798","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:27, LastWriteTime: 06.10.2013 12:27:27, ChangeTime: 06.10.2013 12:27:27, FileAttributes: DNCI"
"12:27:29,3862449","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:29,3864875","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:29,3868835","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3870090","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:29,3873626","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:29,3875296","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:29,3877293","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,3880503","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:29,3885709","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:29,3890873","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3890943","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:29,3895300","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:29,3896154","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:29,3898551","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,3901374","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:29,3906580","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:29,3911408","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3911800","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:29,3915798","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:29,3917011","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:29,3922968","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,3923416","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:29,3929056","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:29,3934276","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:29,3939841","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:29,3943466","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,3945066","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:29,3948691","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:29,3950286","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:29,3952292","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,3955506","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:29,3960717","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:29,3965942","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:29,3971162","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:29,3976392","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:29,3977161","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:29,3981607","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:29,3987168","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:29,3992397","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:29,3997603","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:29,4000034","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4002819","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:29,4004438","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:27, LastWriteTime: 06.10.2013 12:27:27, ChangeTime: 06.10.2013 12:27:27, FileAttributes: DNCI"
"12:27:29,4006397","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:29,4008062","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 274.432, Length: 4.096"
"12:27:29,4014043","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 278.528, Length: 4.096"
"12:27:29,4019328","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 282.624, Length: 4.096"
"12:27:29,4026890","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 286.720, Length: 4.096"
"12:27:29,4032143","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 290.816, Length: 4.096"
"12:27:29,4037359","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 294.912, Length: 4.096"
"12:27:29,4042915","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 299.008, Length: 4.096"
"12:27:29,4043381","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4044081","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:27:29,4048564","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 303.104, Length: 4.096"
"12:27:29,4048984","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:29,4049586","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:27:29,4050999","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:29,4053812","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 307.200, Length: 4.096"
"12:27:29,4055221","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:27:29,4058472","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:27:29,4059368","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 311.296, Length: 4.096"
"12:27:29,4060889","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:27:29,4063249","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:29,4064611","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 315.392, Length: 4.096"
"12:27:29,4066048","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:29,4068110","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:29,4069836","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 319.488, Length: 4.096"
"12:27:29,4070480","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:29,4072873","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:29,4074907","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:29,4075056","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 323.584, Length: 4.096"
"12:27:29,4076316","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4077687","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:29,4079670","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:29,4081102","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 327.680, Length: 4.096"
"12:27:29,4081130","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,4082525","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:29,4083929","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,4084517","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:29,4086514","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:29,4086700","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 331.776, Length: 4.096"
"12:27:29,4088534","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4090171","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:29,4091930","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 335.872, Length: 4.096"
"12:27:29,4092536","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:29,4094570","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:29,4096590","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:29,4097504","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 339.968, Length: 4.096"
"12:27:29,4098997","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:29,4101339","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:29,4102762","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 344.064, Length: 4.096"
"12:27:29,4103378","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:29,4105020","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:29,4107362","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:29,4107991","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 348.160, Length: 4.096"
"12:27:29,4109008","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:29,4109302","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4110977","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:29,4112988","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4113216","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 352.256, Length: 4.096"
"12:27:29,4114093","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,4114625","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:29,4115735","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:29,4117018","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4119173","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 356.352, Length: 4.096"
"12:27:29,4124398","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 360.448, Length: 4.096"
"12:27:29,4125438","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4127874","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:29,4129623","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 364.544, Length: 4.096"
"12:27:29,4130673","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4133042","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:29,4134848","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 368.640, Length: 4.096"
"12:27:29,4135473","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4137516","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4139527","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:29,4140063","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 372.736, Length: 4.096"
"12:27:29,4141892","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4144187","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4144318","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:29,4145279","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 376.832, Length: 4.096"
"12:27:29,4146729","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4148633","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:29,4148731","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:29,4150503","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 380.928, Length: 4.096"
"12:27:29,4150587","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:29,4151096","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4152761","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:29,4155733","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 385.024, Length: 4.096"
"12:27:29,4156353","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4160608","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:29,4161326","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 389.120, Length: 4.096"
"12:27:29,4165898","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4166565","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 393.216, Length: 4.096"
"12:27:29,4172294","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:29,4174094","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 397.312, Length: 4.096"
"12:27:29,4177122","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4178479","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4181740","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 401.408, Length: 4.096"
"12:27:29,4181936","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:29,4182962","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4183900","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:29,4186181","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:29,4187366","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 405.504, Length: 4.096"
"12:27:29,4189769","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4192162","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:29,4192932","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 409.600, Length: 4.096"
"12:27:29,4195754","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4197774","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:29,4198226","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 413.696, Length: 4.096"
"12:27:29,4200181","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4201837","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:29,4203451","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 417.792, Length: 4.096"
"12:27:29,4205980","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4208993","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 421.888, Length: 4.096"
"12:27:29,4210015","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:29,4211634","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,4214223","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 425.984, Length: 4.096"
"12:27:29,4214722","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4217945","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:29,4220296","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 430.080, Length: 4.096"
"12:27:29,4221603","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4223987","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:29,4225853","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 434.176, Length: 4.096"
"12:27:29,4226809","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4229179","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4231087","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 438.272, Length: 4.096"
"12:27:29,4231199","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:29,4233247","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4235234","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:29,4236325","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 442.368, Length: 4.096"
"12:27:29,4236853","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4237636","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4239614","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:29,4241280","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:29,4241555","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 446.464, Length: 4.096"
"12:27:29,4242003","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4243253","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,4243663","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:29,4246780","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 450.560, Length: 4.096"
"12:27:29,4251986","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 454.656, Length: 4.096"
"12:27:29,4254640","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4257211","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 458.752, Length: 4.096"
"12:27:29,4257854","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:29,4261087","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4262739","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 462.848, Length: 4.096"
"12:27:29,4263476","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:27:29,4265342","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4265906","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4267963","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 466.944, Length: 4.096"
"12:27:29,4269386","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:29,4271010","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:29,4273184","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 471.040, Length: 4.096"
"12:27:29,4277000","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4278394","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 475.136, Length: 4.096"
"12:27:29,4281450","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,4283601","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 479.232, Length: 4.096"
"12:27:29,4287393","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4290598","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:29,4291802","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4292851","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 483.328, Length: 4.096"
"12:27:29,4293822","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4297036","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:29,4297899","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:29,4300185","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4300241","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,4302111","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 487.424, Length: 4.096"
"12:27:29,4302582","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4304602","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:29,4306632","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,4307784","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 491.520, Length: 4.096"
"12:27:29,4308638","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:29,4311012","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4313429","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:29,4313764","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 495.616, Length: 4.096"
"12:27:29,4315808","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:29,4317226","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:27:29,4317482","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:29,4319764","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 499.712, Length: 4.096"
"12:27:29,4324988","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 503.808, Length: 4.096"
"12:27:29,4330204","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 507.904, Length: 4.096"
"12:27:29,4335419","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 512.000, Length: 4.096"
"12:27:29,4340635","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 516.096, Length: 4.096"
"12:27:29,4345892","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 520.192, Length: 4.096"
"12:27:29,4351439","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 524.288, Length: 4.096"
"12:27:29,4356654","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 528.384, Length: 4.096"
"12:27:29,4361543","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 532.480, Length: 4.096"
"12:27:29,4366749","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 536.576, Length: 4.096"
"12:27:29,4371960","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 540.672, Length: 4.096"
"12:27:29,4377171","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 544.768, Length: 4.096"
"12:27:29,4382377","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 548.864, Length: 4.096"
"12:27:29,4387593","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 552.960, Length: 4.096"
"12:27:29,4392804","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 557.056, Length: 4.096"
"12:27:29,4398024","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 561.152, Length: 4.096"
"12:27:29,4399404","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:29,4402591","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:29,4403239","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 565.248, Length: 4.096"
"12:27:29,4408441","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 569.344, Length: 4.096"
"12:27:29,4412126","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,4413661","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 573.440, Length: 4.096"
"12:27:29,4414561","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,4416936","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:29,4421773","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 577.536, Length: 4.096"
"12:27:29,4426979","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:29,4429797","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 581.632, Length: 4.096"
"12:27:29,4430184","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:29,4432964","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:27:29,4435791","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 585.728, Length: 4.096"
"12:27:29,4441030","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 589.824, Length: 4.096"
"12:27:29,4446250","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 593.920, Length: 4.096"
"12:27:29,4451461","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 598.016, Length: 4.096"
"12:27:29,4457017","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 602.112, Length: 4.096"
"12:27:29,4457055","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:29,4462233","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 606.208, Length: 4.096"
"12:27:29,4467434","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 610.304, Length: 4.096"
"12:27:29,4472332","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 614.400, Length: 4.096"
"12:27:29,4477525","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 618.496, Length: 4.096"
"12:27:29,4482726","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 622.592, Length: 4.096"
"12:27:29,4487955","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 626.688, Length: 4.096"
"12:27:29,4493157","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 630.784, Length: 4.096"
"12:27:29,4496572","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4498372","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 634.880, Length: 4.096"
"12:27:29,4502151","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:27, FileAttributes: ANCI"
"12:27:29,4503597","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 638.976, Length: 4.096"
"12:27:29,4504176","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:29,4508808","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 643.072, Length: 4.096"
"12:27:29,4510613","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4514019","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 647.168, Length: 4.096"
"12:27:29,4515414","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:29,4520233","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,4521264","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 651.264, Length: 4.096"
"12:27:29,4526838","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 655.360, Length: 4.096"
"12:27:29,4532054","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 659.456, Length: 4.096"
"12:27:29,4536276","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4537269","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 663.552, Length: 4.096"
"12:27:29,4540712","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:29,4542545","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 667.648, Length: 4.096"
"12:27:29,4544304","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,4547756","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 671.744, Length: 4.096"
"12:27:29,4552958","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 675.840, Length: 4.096"
"12:27:29,4557170","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4558178","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 679.936, Length: 4.096"
"12:27:29,4561574","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:29,4563393","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 684.032, Length: 4.096"
"12:27:29,4564760","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,4568604","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 688.128, Length: 4.096"
"12:27:29,4573810","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 692.224, Length: 4.096"
"12:27:29,4577976","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4579030","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 696.320, Length: 4.096"
"12:27:29,4582398","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:29,4584246","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 700.416, Length: 4.096"
"12:27:29,4585258","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,4589447","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 704.512, Length: 4.096"
"12:27:29,4594653","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 708.608, Length: 4.096"
"12:27:29,4599864","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 712.704, Length: 4.096"
"12:27:29,4605066","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 716.800, Length: 4.096"
"12:27:29,4608098","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4610286","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 720.896, Length: 4.096"
"12:27:29,4612866","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:27, FileAttributes: ANCI"
"12:27:29,4614508","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:29,4615497","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 724.992, Length: 4.096"
"12:27:29,4621146","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 729.088, Length: 4.096"
"12:27:29,4626361","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 733.184, Length: 4.096"
"12:27:29,4629100","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:29,4631591","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 737.280, Length: 4.096"
"12:27:29,4632295","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:29,4634353","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:29,4636811","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 741.376, Length: 4.096"
"12:27:29,4638322","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:29,4638957","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4642791","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 745.472, Length: 4.096"
"12:27:29,4643053","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:29,4643435","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: DNCI"
"12:27:29,4645385","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:29,4648021","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 749.568, Length: 4.096"
"12:27:29,4653232","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 753.664, Length: 4.096"
"12:27:29,4658452","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 757.760, Length: 4.096"
"12:27:29,4663663","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 761.856, Length: 4.096"
"12:27:29,4666256","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4668887","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 765.952, Length: 4.096"
"12:27:29,4670278","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:29,4671901","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:29,4674103","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 770.048, Length: 4.096"
"12:27:29,4679309","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 774.144, Length: 4.096"
"12:27:29,4684525","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 778.240, Length: 4.096"
"12:27:29,4689773","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 782.336, Length: 4.096"
"12:27:29,4693514","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4694997","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 786.432, Length: 4.096"
"12:27:29,4697199","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,4699135","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,4700204","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 790.528, Length: 4.096"
"12:27:29,4705419","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 794.624, Length: 4.096"
"12:27:29,4710616","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 798.720, Length: 4.096"
"12:27:29,4715831","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 802.816, Length: 4.096"
"12:27:29,4720053","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4722264","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 806.912, Length: 4.096"
"12:27:29,4724420","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,4726043","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:29,4731091","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 811.008, Length: 4.096"
"12:27:29,4737486","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 815.104, Length: 4.096"
"12:27:29,4742758","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 819.200, Length: 4.096"
"12:27:29,4747334","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4748314","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 823.296, Length: 4.096"
"12:27:29,4751327","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:29,4752951","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:29,4753543","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 827.392, Length: 4.096"
"12:27:29,4758768","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 831.488, Length: 4.096"
"12:27:29,4764002","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 835.584, Length: 4.096"
"12:27:29,4769236","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 839.680, Length: 4.096"
"12:27:29,4774172","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4774783","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 843.776, Length: 4.096"
"12:27:29,4778174","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:29,4779803","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:29,4780012","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 847.872, Length: 4.096"
"12:27:29,4785228","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 851.968, Length: 4.096"
"12:27:29,4790117","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 856.064, Length: 4.096"
"12:27:29,4795332","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 860.160, Length: 4.096"
"12:27:29,4800548","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 864.256, Length: 4.096"
"12:27:29,4801080","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4805096","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:29,4806146","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 868.352, Length: 4.096"
"12:27:29,4807051","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,4811366","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 872.448, Length: 4.096"
"12:27:29,4816572","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 876.544, Length: 4.096"
"12:27:29,4824171","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 880.640, Length: 4.096"
"12:27:29,4828374","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4829419","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 884.736, Length: 4.096"
"12:27:29,4832368","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:29,4833977","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,4834635","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 888.832, Length: 4.096"
"12:27:29,4839850","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 892.928, Length: 4.096"
"12:27:29,4845057","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 897.024, Length: 4.096"
"12:27:29,4850281","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 901.120, Length: 4.096"
"12:27:29,4854844","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4855497","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 905.216, Length: 4.096"
"12:27:29,4858842","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:29,4860470","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:29,4860712","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 909.312, Length: 4.096"
"12:27:29,4866105","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4866716","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 913.408, Length: 4.096"
"12:27:29,4870859","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,4872314","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 917.504, Length: 4.096"
"12:27:29,4877315","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4877548","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 921.600, Length: 4.096"
"12:27:29,4882773","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 925.696, Length: 4.096"
"12:27:29,4882904","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:29,4884914","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,4887993","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 929.792, Length: 4.096"
"12:27:29,4893199","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 933.888, Length: 4.096"
"12:27:29,4898839","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 937.984, Length: 4.096"
"12:27:29,4899334","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4904400","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 942.080, Length: 4.096"
"12:27:29,4906588","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:27, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:29,4909629","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 946.176, Length: 4.096"
"12:27:29,4910231","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:29,4912988","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:29,4914850","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 950.272, Length: 4.096"
"12:27:29,4920434","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 954.368, Length: 4.096"
"12:27:29,4921017","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:29,4923452","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:27:29,4925658","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 958.464, Length: 4.096"
"12:27:29,4926680","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:29,4929045","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:26, LastWriteTime: 06.10.2013 12:27:26, ChangeTime: 06.10.2013 12:27:27, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:29,4930879","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 962.560, Length: 4.096"
"12:27:29,4936085","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 966.656, Length: 4.096"
"12:27:29,4941300","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 970.752, Length: 4.096"
"12:27:29,4946506","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 974.848, Length: 4.096"
"12:27:29,4951400","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 978.944, Length: 4.096"
"12:27:29,4956727","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:29,4957749","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 983.040, Length: 4.096"
"12:27:29,4965819","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 987.136, Length: 4.096"
"12:27:29,4971445","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 991.232, Length: 4.096"
"12:27:29,4977015","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 995.328, Length: 4.096"
"12:27:29,4982240","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 999.424, Length: 4.096"
"12:27:29,4987460","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.003.520, Length: 4.096"
"12:27:29,4992676","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.007.616, Length: 4.096"
"12:27:29,4995423","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,4997891","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.011.712, Length: 4.096"
"12:27:29,5000667","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: ANCI"
"12:27:29,5002650","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:29,5003116","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.015.808, Length: 4.096"
"12:27:29,5008355","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.019.904, Length: 4.096"
"12:27:29,5009083","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5013580","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.024.000, Length: 4.096"
"12:27:29,5013864","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:29,5017923","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,5019560","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.028.096, Length: 4.096"
"12:27:29,5025597","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.032.192, Length: 4.096"
"12:27:29,5030817","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.036.288, Length: 4.096"
"12:27:29,5033928","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5036037","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.040.384, Length: 4.096"
"12:27:29,5038360","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:29,5041644","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.044.480, Length: 4.096"
"12:27:29,5041966","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,5046874","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.048.576, Length: 4.096"
"12:27:29,5055168","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5059236","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:29,5062418","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,5063304","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.052.672, Length: 4.096"
"12:27:29,5068888","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.056.768, Length: 4.096"
"12:27:29,5074103","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.060.864, Length: 4.096"
"12:27:29,5075661","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5079333","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.064.960, Length: 4.096"
"12:27:29,5080107","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:29,5083275","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,5084558","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.069.056, Length: 4.096"
"12:27:29,5089773","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.073.152, Length: 4.096"
"12:27:29,5094984","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.077.248, Length: 4.096"
"12:27:29,5100190","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.081.344, Length: 4.096"
"12:27:29,5105410","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.085.440, Length: 4.096"
"12:27:29,5106567","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5110616","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.089.536, Length: 4.096"
"12:27:29,5111363","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: ANCI"
"12:27:29,5112995","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:29,5115832","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.093.632, Length: 4.096"
"12:27:29,5121495","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.097.728, Length: 4.096"
"12:27:29,5126706","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.101.824, Length: 4.096"
"12:27:29,5131921","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.105.920, Length: 4.096"
"12:27:29,5136264","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5137146","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.110.016, Length: 4.096"
"12:27:29,5140631","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: DNCI"
"12:27:29,5142259","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:29,5142357","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.114.112, Length: 4.096"
"12:27:29,5148328","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.118.208, Length: 4.096"
"12:27:29,5153548","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.122.304, Length: 4.096"
"12:27:29,5158764","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.126.400, Length: 4.096"
"12:27:29,5163135","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5163975","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.130.496, Length: 4.096"
"12:27:29,5167142","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:29,5168770","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:29,5169190","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.134.592, Length: 4.096"
"12:27:29,5174401","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.138.688, Length: 4.096"
"12:27:29,5179598","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.142.784, Length: 4.096"
"12:27:29,5184822","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.146.880, Length: 4.096"
"12:27:29,5189721","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.150.976, Length: 4.096"
"12:27:29,5190812","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5194852","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,5195267","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.155.072, Length: 4.096"
"12:27:29,5196811","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,5200474","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.159.168, Length: 4.096"
"12:27:29,5205362","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.163.264, Length: 4.096"
"12:27:29,5210573","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.167.360, Length: 4.096"
"12:27:29,5215770","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.171.456, Length: 4.096"
"12:27:29,5222049","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5222142","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.175.552, Length: 4.096"
"12:27:29,5226476","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,5227372","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.179.648, Length: 4.096"
"12:27:29,5228118","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:29,5232578","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.183.744, Length: 4.096"
"12:27:29,5237770","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.187.840, Length: 4.096"
"12:27:29,5242678","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.191.936, Length: 4.096"
"12:27:29,5247875","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.196.032, Length: 4.096"
"12:27:29,5249353","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5253375","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:29,5253850","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.200.128, Length: 4.096"
"12:27:29,5254998","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:29,5259113","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.204.224, Length: 4.096"
"12:27:29,5264328","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.208.320, Length: 4.096"
"12:27:29,5269539","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.212.416, Length: 4.096"
"12:27:29,5274745","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.216.512, Length: 4.096"
"12:27:29,5275449","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5279438","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:29,5279960","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.220.608, Length: 4.096"
"12:27:29,5281071","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:29,5285171","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.224.704, Length: 4.096"
"12:27:29,5290377","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.228.800, Length: 4.096"
"12:27:29,5295593","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.232.896, Length: 4.096"
"12:27:29,5300804","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.236.992, Length: 4.096"
"12:27:29,5302707","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5306024","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.241.088, Length: 4.096"
"12:27:29,5306374","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:29,5307992","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,5311235","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.245.184, Length: 4.096"
"12:27:29,5316431","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.249.280, Length: 4.096"
"12:27:29,5322043","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.253.376, Length: 4.096"
"12:27:29,5327250","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.257.472, Length: 4.096"
"12:27:29,5329983","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5332143","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.261.568, Length: 4.096"
"12:27:29,5334443","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:29,5336066","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,5337694","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.265.664, Length: 4.096"
"12:27:29,5342910","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.269.760, Length: 4.096"
"12:27:29,5348125","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.273.856, Length: 4.096"
"12:27:29,5353341","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.277.952, Length: 4.096"
"12:27:29,5357311","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5358552","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.282.048, Length: 4.096"
"12:27:29,5361318","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:29,5362927","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:29,5363762","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.286.144, Length: 4.096"
"12:27:29,5368544","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5368973","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.290.240, Length: 1.952"
"12:27:29,5372957","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,5375849","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 556.530, Length: 16.200"
"12:27:29,5379404","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5384970","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:29,5386962","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,5400667","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5402930","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:29,5407865","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:29,5411485","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:29,5414238","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:29,5421053","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:29,5423932","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: ANCI"
"12:27:29,5435086","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:27:29,5472340","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.257.472, Length: 4.096"
"12:27:29,5483126","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 216, Length: 4.096"
"12:27:29,5488360","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:29,5493212","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.266.156, Length: 4.096"
"12:27:29,5496780","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.257.472, Length: 4.096"
"12:27:29,5507640","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 32, Length: 4.096"
"12:27:29,5512865","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.276.649, Length: 4.096"
"12:27:29,5518552","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:29,5519256","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 216, Length: 4.096"
"12:27:29,5524509","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:29,5528861","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.288.096, Length: 4.096"
"12:27:29,5532458","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.282.720, Length: 4.096"
"12:27:29,5540113","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.288.096, Length: 4.096"
"12:27:29,5544531","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.282.720, Length: 4.096"
"12:27:29,5548585","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:29,5550586","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5556987","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: DNCI"
"12:27:29,5559767","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:29,5562963","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:29,5568570","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5574616","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:29,5579397","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,5596658","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5602261","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:29,5606319","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,5612757","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 5.476, Length: 4.096"
"12:27:29,5627200","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5631827","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:29,5633236","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:29,5636824","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,5637467","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.277.440, Length: 14.752"
"12:27:29,5644255","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:29,5649606","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 21.504, Length: 4.096"
"12:27:29,5654891","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 9.216, Length: 4.096"
"12:27:29,5657247","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5659309","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 17.408, Length: 4.096"
"12:27:29,5662901","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:29,5667272","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,5668895","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 23.552, Length: 4.096"
"12:27:29,5697357","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:29,5708646","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 27.648, Length: 4.096"
"12:27:29,5736622","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5740485","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 3.072, Length: 4.096"
"12:27:29,5742239","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: DNCI"
"12:27:29,5744258","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:29,5748471","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 11.264, Length: 4.096"
"12:27:29,5754144","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 31.744, Length: 4.096"
"12:27:29,5767877","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5772272","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:29,5773909","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:29,5787396","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 35.840, Length: 4.096"
"12:27:29,5797197","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5801559","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,5803196","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:29,5816305","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 39.936, Length: 4.096"
"12:27:29,5831139","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 19.456, Length: 4.096"
"12:27:29,5834666","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5839560","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 41.984, Length: 4.096"
"12:27:29,5840623","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:29,5842648","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:29,5845167","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 5.120, Length: 4.096"
"12:27:29,5853970","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 13.312, Length: 4.096"
"12:27:29,5863594","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 44.032, Length: 4.096"
"12:27:29,5867149","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5871534","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:29,5873171","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:29,5892941","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 48.128, Length: 4.096"
"12:27:29,5901744","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5907356","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:29,5909381","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:29,5928204","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 52.224, Length: 4.096"
"12:27:29,5934278","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5938672","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:29,5940641","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:29,5948254","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 7.168, Length: 4.096"
"12:27:29,5954683","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 15.360, Length: 4.096"
"12:27:29,5962692","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5963910","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 56.320, Length: 4.096"
"12:27:29,5966746","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:29,5968374","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:29,5989987","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,5992819","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 60.416, Length: 4.096"
"12:27:29,5994023","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:29,5995651","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:29,6001613","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,6006035","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,6012841","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,6019326","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:29,6021667","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:29,6026538","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 64.512, Length: 4.096"
"12:27:29,6028954","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: ANCI"
"12:27:29,6040122","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:29,6087061","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:29,6129261","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.277.440, Length: 4.096"
"12:27:29,6134019","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 904.704, Length: 4.096"
"12:27:29,6144851","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:29,6148000","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:29,6149614","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:27:29,6168694","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:29,6169147","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.277.440, Length: 4.096"
"12:27:29,6171876","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:29,6177077","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:27:29,6188800","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 875.520, Length: 4.096"
"12:27:29,6205212","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 379.904, Length: 4.096"
"12:27:29,6280523","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.277.440, Length: 4.096"
"12:27:29,6286957","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.281.536, Length: 10.656"
"12:27:29,6295204","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 216, Length: 4.096"
"12:27:29,6354170","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:29,6359427","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 4.096, Length: 57.720"
"12:27:29,6365044","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 61.816, Length: 61.440"
"12:27:29,6369868","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 123.256, Length: 61.440"
"12:27:29,6373842","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 184.696, Length: 61.440"
"12:27:29,6377448","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 246.136, Length: 61.440"
"12:27:29,6381059","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 307.576, Length: 61.440"
"12:27:29,6384329","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 369.016, Length: 61.440"
"12:27:29,6387926","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 430.456, Length: 61.440"
"12:27:29,6391522","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 491.896, Length: 61.440"
"12:27:29,6395516","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 553.336, Length: 61.440"
"12:27:29,6399126","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 614.776, Length: 61.440"
"12:27:29,6402401","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 676.216, Length: 61.440"
"12:27:29,6405993","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 737.656, Length: 61.440"
"12:27:29,6409599","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 799.096, Length: 61.440"
"12:27:29,6413210","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 860.536, Length: 61.440"
"12:27:29,6417618","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 921.976, Length: 61.440"
"12:27:29,6421584","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 983.416, Length: 61.440"
"12:27:29,6424849","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.044.856, Length: 4.096"
"12:27:29,6646815","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.046.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6650015","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.046.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6651974","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.046.499, Length: 2.920"
"12:27:29,6655585","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.049.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6688902","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.049.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6691701","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.049.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6693343","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.049.419, Length: 8.760"
"12:27:29,6696893","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.058.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6728182","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.058.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6731433","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.058.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6733840","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.058.179, Length: 7.300"
"12:27:29,6737857","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.065.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6771580","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.065.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6774332","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.075.712, EndOfFile: 409.065.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6778759","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.065.479, Length: 16.384, Priority: Normal"
"12:27:29,6800466","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.081.863, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6802877","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.081.863, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6805261","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.081.863, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6807258","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.081.863, Length: 1.136"
"12:27:29,6809712","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.082.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6850810","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.082.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6853614","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.082.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6855251","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.082.999, Length: 1.460"
"12:27:29,6858083","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.084.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6888546","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.084.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6891359","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.084.459, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6893001","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.084.459, Length: 7.300"
"12:27:29,6897843","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.091.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6923589","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.091.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6926374","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.091.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6928011","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.091.759, Length: 2.920"
"12:27:29,6931202","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.094.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6950096","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.094.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6954485","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.094.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6956920","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.094.679, Length: 4.380"
"12:27:29,6960918","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.099.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6975021","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.099.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6977768","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.099.059, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6979802","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.099.059, Length: 2.920"
"12:27:29,6982998","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.101.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,6999451","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.101.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,7001863","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.101.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,7003878","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.101.979, Length: 1.460"
"12:27:29,7006645","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.103.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,7028300","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.103.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,7031094","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.103.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,7033044","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.103.439, Length: 1.460"
"12:27:29,7035866","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.104.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,7059774","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.104.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,7062587","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.104.899, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,7064565","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.104.899, Length: 4.380"
"12:27:29,7067434","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.109.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,7087344","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.109.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,7090153","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.109.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,7092490","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.109.279, Length: 1.460"
"12:27:29,7095336","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.110.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:29,7123895","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,7127109","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:29,7130701","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:29,7133952","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:29,7136383","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:29,7138757","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,7140782","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:29,7143189","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:29,7145592","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:29,7147621","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:29,7149604","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,7151586","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:29,7153634","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:29,7156013","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:29,7158024","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:29,7160002","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,7161658","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:29,7164004","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:29,7166048","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:29,7168040","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:29,7317641","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.048.952, Length: 61.440"
"12:27:29,7322456","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.110.392, Length: 61.440"
"12:27:29,7326038","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.171.832, Length: 61.440"
"12:27:29,7329257","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.233.272, Length: 44.168"
"12:27:29,7543782","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.286.438, Length: 4.096"
"12:27:29,7651404","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:29,7660612","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 876.544, Length: 4.096"
"12:27:29,7664983","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:29,7697097","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 850.944, Length: 4.096"
"12:27:29,7701557","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 855.040, Length: 4.096"
"12:27:29,7705951","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 830.464, Length: 4.096"
"12:27:29,7710341","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 834.560, Length: 4.096"
"12:27:29,7829476","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.256.960, Length: 4.096"
"12:27:29,7836730","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:29,7931401","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.277.440, Length: 4.096"
"12:27:29,8133597","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:29,8375113","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.291.776, Length: 416"
"12:27:29,8379554","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.257.472, Length: 4.096"
"12:27:29,8383967","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 876.032, Length: 4.096"
"12:27:29,8390787","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 2.048, Length: 4.096"
"12:27:29,8395224","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 6.144, Length: 4.096"
"12:27:29,8399973","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 10.240, Length: 4.096"
"12:27:29,8404027","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 14.336, Length: 4.096"
"12:27:29,8408062","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 18.432, Length: 4.096"
"12:27:29,8412419","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 22.528, Length: 4.096"
"12:27:29,8416501","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 26.624, Length: 4.096"
"12:27:29,8421278","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 30.720, Length: 4.096"
"12:27:29,8425327","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 34.816, Length: 4.096"
"12:27:29,8430053","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 38.912, Length: 4.096"
"12:27:29,8434111","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 43.008, Length: 4.096"
"12:27:29,8438146","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 47.104, Length: 4.096"
"12:27:29,8442489","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 51.200, Length: 4.096"
"12:27:29,8446581","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 55.296, Length: 4.096"
"12:27:29,8450938","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 59.392, Length: 4.096"
"12:27:29,8454987","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 63.488, Length: 4.096"
"12:27:29,8480668","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.265.664, Length: 4.096"
"12:27:29,8486681","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 1.080.832, Length: 4.096"
"12:27:29,8492648","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 888.832, Length: 4.096"
"12:27:29,8500345","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 437.248, Length: 4.096"
"12:27:29,8703762","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 736, Length: 4.096"
"12:27:29,8956661","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:29,9287521","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 66.560, Length: 4.096"
"12:27:29,9293199","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 70.656, Length: 4.096"
"12:27:29,9297948","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 74.752, Length: 4.096"
"12:27:29,9302011","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 78.848, Length: 4.096"
"12:27:29,9385412","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 901.120, Length: 4.096"
"12:27:29,9620934","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:29,9967632","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:29,9971993","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:29,9974429","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:29,9976817","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:29,9978464","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:29,9980432","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:29,9982448","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:30,0014911","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:30,0020174","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:30,0039058","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:30,0069016","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,0075398","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 394.206, Length: 16.200"
"12:27:30,0096666","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:30,0101088","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Filter: ntdll.dll.mui, 1: ntdll.dll.mui"
"12:27:30,0105464","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:30,0142728","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:30,0148755","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:30,0150784","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:30,0157586","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:30,0161556","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:30,0165157","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:30,0192480","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:30,0195708","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:30,0197640","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:30,0203671","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:30,0207277","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:30,0210506","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:30,0225345","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:30,0228979","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:30,0232184","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:30,0316466","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 403.148, Length: 4.096"
"12:27:30,0320488","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 401.408, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:30,0332463","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 512, Length: 4.096"
"12:27:30,0341303","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 342.016, Length: 4.096"
"12:27:30,0344545","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 339.968, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:30,0361325","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 32, Length: 4.096"
"12:27:30,0365743","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 413.641, Length: 567"
"12:27:30,0368962","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 409.600, Length: 4.608, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:30,0383367","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:30,0387780","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,0390999","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 410.112, Length: 4.096"
"12:27:30,0393784","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 404.736, Length: 4.096"
"12:27:30,0396569","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 410.112, Length: 4.096"
"12:27:30,0399037","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 404.736, Length: 4.096"
"12:27:30,0402200","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:30,0413806","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,0452773","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 5.476, Length: 4.096"
"12:27:30,0463572","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,0470407","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 412.160, Length: 2.048"
"12:27:30,0478454","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,0504895","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:30,0598764","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,0669416","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 4.096, Length: 57.344"
"12:27:30,0673031","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 61.440, Length: 61.440"
"12:27:30,0676623","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 122.880, Length: 61.440"
"12:27:30,0701371","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 184.320, Length: 61.440"
"12:27:30,0705415","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 245.760, Length: 61.440"
"12:27:30,0728549","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 307.200, Length: 61.440"
"12:27:30,0732925","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 368.640, Length: 45.568"
"12:27:30,0821616","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,0861329","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:30,0866139","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Filter: ntdll.dll.mui, 1: ntdll.dll.mui"
"12:27:30,0870575","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:30,0881365","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 59.904, Length: 4.096"
"12:27:30,0915060","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,0918242","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,0920644","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976399, endtime: 976399, seqnum: 0, connid: 0"
"12:27:30,0943134","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,0944725","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,0945593","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,0946764","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,0947921","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,0949917","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,0951154","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976399, endtime: 976399, seqnum: 0, connid: 0"
"12:27:30,1077062","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.110.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,1081517","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.110.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,1084661","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.110.739, Length: 11.680"
"12:27:30,1091104","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.122.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,1092676","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 0, Length: 61.440"
"12:27:30,1096683","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 61.440, Length: 61.440"
"12:27:30,1099902","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 122.880, Length: 61.440"
"12:27:30,1103097","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 184.320, Length: 61.440"
"12:27:30,1105966","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 245.760, Length: 61.440"
"12:27:30,1109166","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 307.200, Length: 61.440"
"12:27:30,1112357","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 368.640, Length: 45.568"
"12:27:30,1194363","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 4.608, Length: 4.096"
"12:27:30,1201995","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 8.704, Length: 4.096"
"12:27:30,1207617","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 12.800, Length: 4.096"
"12:27:30,1213634","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 16.896, Length: 4.096"
"12:27:30,1228418","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 20.992, Length: 4.096"
"12:27:30,1238079","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 25.088, Length: 4.096"
"12:27:30,1243332","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 29.184, Length: 4.096"
"12:27:30,1249312","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 33.280, Length: 4.096"
"12:27:30,1254924","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 37.376, Length: 4.096"
"12:27:30,1265808","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 41.472, Length: 4.096"
"12:27:30,1272217","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 45.568, Length: 4.096"
"12:27:30,1277792","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 49.664, Length: 4.096"
"12:27:30,1283026","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 53.760, Length: 4.096"
"12:27:30,1288246","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 57.856, Length: 4.096"
"12:27:30,1293023","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 64.000, Length: 4.096"
"12:27:30,1298668","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 68.096, Length: 4.096"
"12:27:30,1303893","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 72.192, Length: 4.096"
"12:27:30,1309104","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 76.288, Length: 4.096"
"12:27:30,1314314","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 80.384, Length: 4.096"
"12:27:30,1334649","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1337429","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1339025","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:27:30,1341040","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 976399, endtime: 976399, seqnum: 0, connid: 0"
"12:27:30,1361939","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1363507","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1364356","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1365517","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1366352","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1369123","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8208, startime: 976399, endtime: 976399, seqnum: 0, connid: 0"
"12:27:30,1532072","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 84.480, Length: 4.096"
"12:27:30,1539354","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 2368, seqnum: 0, connid: 0"
"12:27:30,1548889","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 88.576, Length: 4.096"
"12:27:30,1556871","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 92.672, Length: 4.096"
"12:27:30,1564470","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 96.768, Length: 4.096"
"12:27:30,1571752","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 100.864, Length: 4.096"
"12:27:30,1578978","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 104.960, Length: 4.096"
"12:27:30,1588164","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 109.056, Length: 4.096"
"12:27:30,1595791","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 113.152, Length: 4.096"
"12:27:30,1602616","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 117.248, Length: 4.096"
"12:27:30,1609795","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 121.344, Length: 4.096"
"12:27:30,1613952","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:60400 -> minnetonka.rhrk.uni-kl.de:domain","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:27:30,1617078","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 125.440, Length: 4.096"
"12:27:30,1624313","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 129.536, Length: 4.096"
"12:27:30,1631157","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 133.632, Length: 4.096"
"12:27:30,1634693","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:50066 -> minnetonka.rhrk.uni-kl.de:domain","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:27:30,1637981","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 137.728, Length: 4.096"
"12:27:30,1645156","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 141.824, Length: 4.096"
"12:27:30,1652354","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 145.920, Length: 4.096"
"12:27:30,1659580","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 150.016, Length: 4.096"
"12:27:30,1666806","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 154.112, Length: 4.096"
"12:27:30,1673701","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 158.208, Length: 4.096"
"12:27:30,1680876","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 162.304, Length: 4.096"
"12:27:30,1688475","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 166.400, Length: 4.096"
"12:27:30,1694153","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.122.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,1695701","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 170.496, Length: 4.096"
"12:27:30,1697311","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.122.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,1699298","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.122.419, Length: 11.680"
"12:27:30,1702540","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 174.592, Length: 4.096"
"12:27:30,1702970","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.134.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,1709403","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 178.688, Length: 4.096"
"12:27:30,1717422","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 182.784, Length: 4.096"
"12:27:30,1724624","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 186.880, Length: 4.096"
"12:27:30,1731426","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 190.976, Length: 4.096"
"12:27:30,1738288","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 195.072, Length: 4.096"
"12:27:30,1745897","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 199.168, Length: 4.096"
"12:27:30,1752736","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 203.264, Length: 4.096"
"12:27:30,1759938","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 207.360, Length: 4.096"
"12:27:30,1767151","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 211.456, Length: 4.096"
"12:27:30,1774013","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 215.552, Length: 4.096"
"12:27:30,1780814","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 219.648, Length: 4.096"
"12:27:30,1788022","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 223.744, Length: 4.096"
"12:27:30,1795206","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 227.840, Length: 4.096"
"12:27:30,1802465","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 231.936, Length: 4.096"
"12:27:30,1809691","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 236.032, Length: 4.096"
"12:27:30,1816912","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 240.128, Length: 4.096"
"12:27:30,1821726","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:60400 -> minnetonka.rhrk.uni-kl.de:domain","SUCCESS","Length: 125, seqnum: 0, connid: 0"
"12:27:30,1824992","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:50066 -> minnetonka.rhrk.uni-kl.de:domain","SUCCESS","Length: 125, seqnum: 0, connid: 0"
"12:27:30,1826578","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 244.224, Length: 4.096"
"12:27:30,1834569","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 248.320, Length: 4.096"
"12:27:30,1841814","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 252.416, Length: 4.096"
"12:27:30,1846204","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1848975","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1849012","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 256.512, Length: 4.096"
"12:27:30,1850258","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1852217","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976400, endtime: 976400, seqnum: 0, connid: 0"
"12:27:30,1855515","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 260.608, Length: 4.096"
"12:27:30,1862736","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 264.704, Length: 4.096"
"12:27:30,1865265","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Error3725.wohnheim.uni-kl.de:51302","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:27:30,1865381","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Error3725.wohnheim.uni-kl.de:51283","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:27:30,1869519","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 268.800, Length: 4.096"
"12:27:30,1870723","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1872286","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1873135","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1874282","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1876386","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 272.896, Length: 4.096"
"12:27:30,1877128","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976400, endtime: 976400, seqnum: 0, connid: 0"
"12:27:30,1881695","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:56392 -> 224.0.0.252:llmnr","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:27:30,1882245","svchost.exe","1528","UDP Send","Error3725.wohnheim.uni-kl.de:62626 -> 224.0.0.252:llmnr","SUCCESS","Length: 90, seqnum: 0, connid: 0"
"12:27:30,1883547","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 276.992, Length: 4.096"
"12:27:30,1890386","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 281.088, Length: 4.096"
"12:27:30,1891109","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 3472, seqnum: 0, connid: 0"
"12:27:30,1891930","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:27:30,1897617","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 285.184, Length: 4.096"
"12:27:30,1904796","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 289.280, Length: 4.096"
"12:27:30,1912041","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 293.376, Length: 4.096"
"12:27:30,1920083","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 297.472, Length: 4.096"
"12:27:30,1926903","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 301.568, Length: 4.096"
"12:27:30,1933406","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 305.664, Length: 4.096"
"12:27:30,1933696","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1936509","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,1937745","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 552, seqnum: 0, connid: 0"
"12:27:30,1939760","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 3472, startime: 976400, endtime: 976400, seqnum: 0, connid: 0"
"12:27:30,1940581","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 309.760, Length: 4.096"
"12:27:30,1947406","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 313.856, Length: 4.096"
"12:27:30,1952603","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 908, seqnum: 0, connid: 0"
"12:27:30,1954576","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 908, startime: 976400, endtime: 976400, seqnum: 0, connid: 0"
"12:27:30,1954665","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 317.952, Length: 4.096"
"12:27:30,1961490","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 322.048, Length: 4.096"
"12:27:30,1968324","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 326.144, Length: 4.096"
"12:27:30,1971039","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.134.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,1975032","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.134.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,1975900","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 330.240, Length: 4.096"
"12:27:30,1977057","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.134.099, Length: 13.140"
"12:27:30,1981045","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.147.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,1982711","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 334.336, Length: 4.096"
"12:27:30,1989526","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 338.432, Length: 4.096"
"12:27:30,1996389","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 342.528, Length: 4.096"
"12:27:30,2003563","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 346.624, Length: 4.096"
"12:27:30,2006731","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.147.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2009903","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.147.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2010407","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 350.720, Length: 4.096"
"12:27:30,2013565","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.147.239, Length: 3.472"
"12:27:30,2020493","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.150.711, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2020843","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 354.816, Length: 4.096"
"12:27:30,2023656","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:51283 -> Graf_Fenryl-PC:llmnr","SUCCESS","Length: 190, seqnum: 0, connid: 0"
"12:27:30,2026893","svchost.exe","1528","UDP Receive","Error3725.wohnheim.uni-kl.de:51302 -> Rebecca-PC:llmnr","SUCCESS","Length: 186, seqnum: 0, connid: 0"
"12:27:30,2027588","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 358.912, Length: 4.096"
"12:27:30,2033223","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 363.008, Length: 4.096"
"12:27:30,2039694","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 367.104, Length: 4.096"
"12:27:30,2045250","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 371.200, Length: 4.096"
"12:27:30,2050456","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 375.296, Length: 4.096"
"12:27:30,2055741","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 379.392, Length: 4.096"
"12:27:30,2061279","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 383.488, Length: 4.096"
"12:27:30,2066182","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 387.584, Length: 4.096"
"12:27:30,2071388","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 391.680, Length: 4.096"
"12:27:30,2076972","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 395.776, Length: 4.096"
"12:27:30,2082197","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 399.872, Length: 4.096"
"12:27:30,2086218","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.150.711, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2087440","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 403.968, Length: 4.096"
"12:27:30,2089409","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.150.711, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2091821","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.150.711, Length: 908"
"12:27:30,2093019","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 408.064, Length: 4.096"
"12:27:30,2095063","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.151.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2121910","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ntdll.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,2173906","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2177475","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2179928","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976400, endtime: 976400, seqnum: 0, connid: 0"
"12:27:30,2199209","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2201168","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2202022","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2203193","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2204037","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2206043","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2207559","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 8760, startime: 976400, endtime: 976400, seqnum: 0, connid: 0"
"12:27:30,2283529","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.151.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2286388","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.151.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2288362","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.151.619, Length: 2.920"
"12:27:30,2291231","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.154.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2484525","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.154.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2487352","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.154.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2489311","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.154.539, Length: 8.760"
"12:27:30,2491826","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2492927","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.163.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2494974","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2496990","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976400, endtime: 976400, seqnum: 0, connid: 0"
"12:27:30,2507435","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2509044","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2510299","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976400, endtime: 976400, seqnum: 0, connid: 0"
"12:27:30,2555083","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.163.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2558675","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.163.299, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2561096","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.163.299, Length: 2.920"
"12:27:30,2567888","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.166.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2655101","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.166.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2659150","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.166.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2661599","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.166.219, Length: 2.920"
"12:27:30,2665149","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.169.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2845647","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2848432","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2849673","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2850867","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2852034","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2854916","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2856106","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2857277","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2858126","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2859283","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,2860524","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 14600, startime: 976401, endtime: 976401, seqnum: 0, connid: 0"
"12:27:30,2921743","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.169.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2924612","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.169.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2926562","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.169.139, Length: 4.380"
"12:27:30,2929407","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.173.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2966009","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.173.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2968812","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.173.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,2970441","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.173.519, Length: 10.220"
"12:27:30,2974033","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.183.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,3541534","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,3544697","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,3545943","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:30,3547594","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976401, endtime: 976401, seqnum: 0, connid: 0"
"12:27:30,3620023","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.183.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,3623205","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.183.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,3624851","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.183.739, Length: 4.380"
"12:27:30,3628420","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.188.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:30,3792059","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:30,3796024","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:30,3798436","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:30,3800503","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:30,3802471","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:30,3804104","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:30,3806129","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:30,3845030","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:30,3849434","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:30,3889291","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:30,3926192","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,3933450","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.626.216, Length: 16.200"
"12:27:30,3959938","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:30,3966297","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Filter: kernel32.dll.mui, 1: kernel32.dll.mui"
"12:27:30,3970761","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:30,4001209","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:30,4006835","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:30,4008851","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:30,4016114","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:30,4025724","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:30,4030939","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:30,4059387","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:30,4062624","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:30,4067807","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:30,4074254","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:30,4077893","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:30,4081452","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:30,4100364","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:30,4104334","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:30,4108323","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:30,4201044","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 919.244, Length: 4.096"
"12:27:30,4205037","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 917.504, Length: 8.192, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:30,4220814","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 512, Length: 4.096"
"12:27:30,4238812","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 32, Length: 4.096"
"12:27:30,4243645","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 929.737, Length: 567"
"12:27:30,4246878","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 925.696, Length: 4.608, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:30,4261367","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:30,4265785","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,4268999","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 926.208, Length: 4.096"
"12:27:30,4271453","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 920.832, Length: 4.096"
"12:27:30,4274238","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 926.208, Length: 4.096"
"12:27:30,4277000","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 920.832, Length: 4.096"
"12:27:30,4279841","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:30,4291475","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,4330404","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 5.476, Length: 4.096"
"12:27:30,4340840","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,4347240","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 6.656, Length: 4.096"
"12:27:30,4350478","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 4.608, Length: 4.096"
"12:27:30,4356085","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 2.560, Length: 4.096"
"12:27:30,4368877","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 928.256, Length: 2.048"
"12:27:30,4380544","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,4620964","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 4.096, Length: 57.344"
"12:27:30,4625354","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:30,4626991","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 61.440, Length: 61.440"
"12:27:30,4628591","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:30,4631022","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:30,4632561","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 122.880, Length: 61.440"
"12:27:30,4634562","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:30,4636951","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 131.072, Length: 53.248, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:30,4638187","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:30,4655863","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 184.320, Length: 61.440"
"12:27:30,4679183","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 245.760, Length: 61.440"
"12:27:30,4683218","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 307.200, Length: 61.440"
"12:27:30,4712538","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 368.640, Length: 61.440"
"12:27:30,4716923","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 430.080, Length: 61.440"
"12:27:30,4720912","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 491.520, Length: 61.440"
"12:27:30,4724140","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 552.960, Length: 61.440"
"12:27:30,4744059","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 614.400, Length: 61.440"
"12:27:30,4748496","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 675.840, Length: 61.440"
"12:27:30,4752899","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 737.280, Length: 61.440"
"12:27:30,4757718","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 798.720, Length: 61.440"
"12:27:30,4760914","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 860.160, Length: 61.440"
"12:27:30,4763792","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 921.600, Length: 8.704"
"12:27:30,4873345","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,4913870","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:30,4919123","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Filter: kernel32.dll.mui, 1: kernel32.dll.mui"
"12:27:30,4923900","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:30,4943689","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 59.904, Length: 4.096"
"12:27:30,5042694","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 70.144, Length: 4.096"
"12:27:30,5143393","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 0, Length: 61.440"
"12:27:30,5147423","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 61.440, Length: 61.440"
"12:27:30,5150675","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 122.880, Length: 61.440"
"12:27:30,5153875","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 184.320, Length: 61.440"
"12:27:30,5157070","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 245.760, Length: 61.440"
"12:27:30,5160261","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 307.200, Length: 61.440"
"12:27:30,5163116","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 368.640, Length: 61.440"
"12:27:30,5166288","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 430.080, Length: 61.440"
"12:27:30,5169475","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 491.520, Length: 61.440"
"12:27:30,5172330","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 552.960, Length: 61.440"
"12:27:30,5175520","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 614.400, Length: 61.440"
"12:27:30,5178702","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 675.840, Length: 61.440"
"12:27:30,5181557","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 737.280, Length: 61.440"
"12:27:30,5184752","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 798.720, Length: 61.440"
"12:27:30,5187943","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 860.160, Length: 61.440"
"12:27:30,5191125","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 921.600, Length: 8.704"
"12:27:30,5280362","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 8.704, Length: 4.096"
"12:27:30,5286809","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 12.800, Length: 4.096"
"12:27:30,5292458","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 16.896, Length: 4.096"
"12:27:30,5298005","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 20.992, Length: 4.096"
"12:27:30,5302908","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 25.088, Length: 4.096"
"12:27:30,5308114","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 29.184, Length: 4.096"
"12:27:30,5313665","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 33.280, Length: 4.096"
"12:27:30,5319734","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 37.376, Length: 4.096"
"12:27:30,5328304","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 41.472, Length: 4.096"
"12:27:30,5334779","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 45.568, Length: 4.096"
"12:27:30,5340372","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 49.664, Length: 4.096"
"12:27:30,5345597","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 53.760, Length: 4.096"
"12:27:30,5351181","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 57.856, Length: 4.096"
"12:27:30,5356023","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 64.000, Length: 4.096"
"12:27:30,5361603","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 68.096, Length: 4.096"
"12:27:30,5366072","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 74.240, Length: 4.096"
"12:27:30,5371679","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 78.336, Length: 4.096"
"12:27:30,5376922","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 82.432, Length: 4.096"
"12:27:30,5382129","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 86.528, Length: 4.096"
"12:27:30,5387344","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 90.624, Length: 4.096"
"12:27:30,5392541","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 94.720, Length: 4.096"
"12:27:30,5398144","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 98.816, Length: 4.096"
"12:27:30,5403728","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 102.912, Length: 4.096"
"12:27:30,5412941","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 107.008, Length: 4.096"
"12:27:30,5420545","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 111.104, Length: 4.096"
"12:27:30,5426157","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 115.200, Length: 4.096"
"12:27:30,5431386","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 119.296, Length: 4.096"
"12:27:30,5436616","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 123.392, Length: 4.096"
"12:27:30,5446165","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 127.488, Length: 4.096"
"12:27:30,5451861","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 131.584, Length: 4.096"
"12:27:30,5457800","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 135.680, Length: 4.096"
"12:27:30,5463883","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 139.776, Length: 4.096"
"12:27:30,5469462","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 143.872, Length: 4.096"
"12:27:30,5481899","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 147.968, Length: 4.096"
"12:27:30,5487907","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 152.064, Length: 4.096"
"12:27:30,5493160","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 156.160, Length: 4.096"
"12:27:30,5498366","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 160.256, Length: 4.096"
"12:27:30,5503582","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 164.352, Length: 4.096"
"12:27:30,5509185","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 168.448, Length: 4.096"
"12:27:30,5514377","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 172.544, Length: 4.096"
"12:27:30,5524057","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 176.640, Length: 4.096"
"12:27:30,5531283","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 180.736, Length: 4.096"
"12:27:30,5536885","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 184.832, Length: 4.096"
"12:27:30,5542539","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 188.928, Length: 4.096"
"12:27:30,5547745","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 193.024, Length: 4.096"
"12:27:30,5553731","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 197.120, Length: 4.096"
"12:27:30,5559310","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 201.216, Length: 4.096"
"12:27:30,5570958","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 205.312, Length: 4.096"
"12:27:30,5588018","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 209.408, Length: 4.096"
"12:27:30,5594815","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 213.504, Length: 4.096"
"12:27:30,5600427","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 217.600, Length: 4.096"
"12:27:30,5605657","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 221.696, Length: 4.096"
"12:27:30,5611236","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 225.792, Length: 4.096"
"12:27:30,5616470","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 229.888, Length: 4.096"
"12:27:30,5625726","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 233.984, Length: 4.096"
"12:27:30,5630974","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 238.080, Length: 4.096"
"12:27:30,5640551","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 242.176, Length: 4.096"
"12:27:30,5647017","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 246.272, Length: 4.096"
"12:27:30,5652652","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 250.368, Length: 4.096"
"12:27:30,5658604","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 254.464, Length: 4.096"
"12:27:30,5663834","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 258.560, Length: 4.096"
"12:27:30,5669077","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 262.656, Length: 4.096"
"12:27:30,5674685","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 266.752, Length: 4.096"
"12:27:30,5679891","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 270.848, Length: 4.096"
"12:27:30,5685125","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 274.944, Length: 4.096"
"12:27:30,5690326","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 279.040, Length: 4.096"
"12:27:30,5695533","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 283.136, Length: 4.096"
"12:27:30,5700781","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 287.232, Length: 4.096"
"12:27:30,5706005","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 291.328, Length: 4.096"
"12:27:30,5711207","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 295.424, Length: 4.096"
"12:27:30,5716791","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 299.520, Length: 4.096"
"12:27:30,5723257","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 303.616, Length: 4.096"
"12:27:30,5728799","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 307.712, Length: 4.096"
"12:27:30,5733692","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 311.808, Length: 4.096"
"12:27:30,5743605","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 315.904, Length: 4.096"
"12:27:30,5750342","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 320.000, Length: 4.096"
"12:27:30,5755618","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 324.096, Length: 4.096"
"12:27:30,5760838","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 328.192, Length: 4.096"
"12:27:30,5766427","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 332.288, Length: 4.096"
"12:27:30,5771633","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 336.384, Length: 4.096"
"12:27:30,5776834","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 340.480, Length: 4.096"
"12:27:30,5781718","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 344.576, Length: 4.096"
"12:27:30,5787270","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 348.672, Length: 4.096"
"12:27:30,5792467","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 352.768, Length: 4.096"
"12:27:30,5797360","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 356.864, Length: 4.096"
"12:27:30,5802562","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 360.960, Length: 4.096"
"12:27:30,5807800","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 365.056, Length: 4.096"
"12:27:30,5813002","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 369.152, Length: 4.096"
"12:27:30,5819024","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 373.248, Length: 4.096"
"12:27:30,5827011","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 377.344, Length: 4.096"
"12:27:30,5832264","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 381.440, Length: 4.096"
"12:27:30,5837484","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 385.536, Length: 4.096"
"12:27:30,5842699","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 389.632, Length: 4.096"
"12:27:30,5847919","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 393.728, Length: 4.096"
"12:27:30,5853494","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 397.824, Length: 4.096"
"12:27:30,5858705","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 401.920, Length: 4.096"
"12:27:30,5863902","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 406.016, Length: 4.096"
"12:27:30,5869136","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 410.112, Length: 4.096"
"12:27:30,5874328","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 414.208, Length: 4.096"
"12:27:30,5879212","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 418.304, Length: 4.096"
"12:27:30,5884414","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 422.400, Length: 4.096"
"12:27:30,5889620","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 426.496, Length: 4.096"
"12:27:30,5894863","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 430.592, Length: 4.096"
"12:27:30,5900069","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 434.688, Length: 4.096"
"12:27:30,5907235","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 438.784, Length: 4.096"
"12:27:30,5912464","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 442.880, Length: 4.096"
"12:27:30,5923287","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 446.976, Length: 4.096"
"12:27:30,5931707","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 451.072, Length: 4.096"
"12:27:30,5937739","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 455.168, Length: 4.096"
"12:27:30,5943328","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 459.264, Length: 4.096"
"12:27:30,5948959","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 463.360, Length: 4.096"
"12:27:30,5954165","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 467.456, Length: 4.096"
"12:27:30,5959441","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 471.552, Length: 4.096"
"12:27:30,5964661","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 475.648, Length: 4.096"
"12:27:30,5969877","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 479.744, Length: 4.096"
"12:27:30,5975428","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 483.840, Length: 4.096"
"12:27:30,5980317","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 487.936, Length: 4.096"
"12:27:30,5985528","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 492.032, Length: 4.096"
"12:27:30,5991093","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 496.128, Length: 4.096"
"12:27:30,5996322","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 500.224, Length: 4.096"
"12:27:30,6001529","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 504.320, Length: 4.096"
"12:27:30,6006735","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 508.416, Length: 4.096"
"12:27:30,6011973","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 512.512, Length: 4.096"
"12:27:30,6017576","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 516.608, Length: 4.096"
"12:27:30,6022843","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 520.704, Length: 4.096"
"12:27:30,6028385","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 524.800, Length: 4.096"
"12:27:30,6033642","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 528.896, Length: 4.096"
"12:27:30,6038853","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 532.992, Length: 4.096"
"12:27:30,6044083","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 537.088, Length: 4.096"
"12:27:30,6049293","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 541.184, Length: 4.096"
"12:27:30,6054514","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 545.280, Length: 4.096"
"12:27:30,6059715","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 549.376, Length: 4.096"
"12:27:30,6064912","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 553.472, Length: 4.096"
"12:27:30,6070127","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 557.568, Length: 4.096"
"12:27:30,6075394","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 561.664, Length: 4.096"
"12:27:30,6080586","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 565.760, Length: 4.096"
"12:27:30,6085792","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 569.856, Length: 4.096"
"12:27:30,6091003","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 573.952, Length: 4.096"
"12:27:30,6096639","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 578.048, Length: 4.096"
"12:27:30,6101859","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 582.144, Length: 4.096"
"12:27:30,6107065","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 586.240, Length: 4.096"
"12:27:30,6112266","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 590.336, Length: 4.096"
"12:27:30,6117892","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 594.432, Length: 4.096"
"12:27:30,6123140","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 598.528, Length: 4.096"
"12:27:30,6128347","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 602.624, Length: 4.096"
"12:27:30,6133557","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 606.720, Length: 4.096"
"12:27:30,6138754","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 610.816, Length: 4.096"
"12:27:30,6143960","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 614.912, Length: 4.096"
"12:27:30,6149176","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 619.008, Length: 4.096"
"12:27:30,6154387","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 623.104, Length: 4.096"
"12:27:30,6159639","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 627.200, Length: 4.096"
"12:27:30,6164846","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 631.296, Length: 4.096"
"12:27:30,6170056","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 635.392, Length: 4.096"
"12:27:30,6175626","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 639.488, Length: 4.096"
"12:27:30,6180515","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 643.584, Length: 4.096"
"12:27:30,6185717","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 647.680, Length: 4.096"
"12:27:30,6190923","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 651.776, Length: 4.096"
"12:27:30,6196124","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 655.872, Length: 4.096"
"12:27:30,6201368","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 659.968, Length: 4.096"
"12:27:30,6206579","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 664.064, Length: 4.096"
"12:27:30,6211785","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 668.160, Length: 4.096"
"12:27:30,6217355","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 672.256, Length: 4.096"
"12:27:30,6222981","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 676.352, Length: 4.096"
"12:27:30,6228192","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 680.448, Length: 4.096"
"12:27:30,6233398","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 684.544, Length: 4.096"
"12:27:30,6238273","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 688.640, Length: 4.096"
"12:27:30,6243843","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 692.736, Length: 4.096"
"12:27:30,6249044","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 696.832, Length: 4.096"
"12:27:30,6253938","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 700.928, Length: 4.096"
"12:27:30,6259522","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 705.024, Length: 4.096"
"12:27:30,6264742","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 709.120, Length: 4.096"
"12:27:30,6269953","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 713.216, Length: 4.096"
"12:27:30,6275163","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 717.312, Length: 4.096"
"12:27:30,6280365","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 721.408, Length: 4.096"
"12:27:30,6285622","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 725.504, Length: 4.096"
"12:27:30,6290824","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 729.600, Length: 4.096"
"12:27:30,6296030","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 733.696, Length: 4.096"
"12:27:30,6301222","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 737.792, Length: 4.096"
"12:27:30,6306456","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 741.888, Length: 4.096"
"12:27:30,6311653","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 745.984, Length: 4.096"
"12:27:30,6316906","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 750.080, Length: 4.096"
"12:27:30,6322471","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 754.176, Length: 4.096"
"12:27:30,6327715","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 758.272, Length: 4.096"
"12:27:30,6332911","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 762.368, Length: 4.096"
"12:27:30,6338174","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 766.464, Length: 4.096"
"12:27:30,6343366","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 770.560, Length: 4.096"
"12:27:30,6348577","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 774.656, Length: 4.096"
"12:27:30,6353773","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 778.752, Length: 4.096"
"12:27:30,6358970","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 782.848, Length: 4.096"
"12:27:30,6363864","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 786.944, Length: 4.096"
"12:27:30,6369424","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 791.040, Length: 4.096"
"12:27:30,6374612","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 795.136, Length: 4.096"
"12:27:30,6379501","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 799.232, Length: 4.096"
"12:27:30,6384702","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 803.328, Length: 4.096"
"12:27:30,6389899","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 807.424, Length: 4.096"
"12:27:30,6395091","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 811.520, Length: 4.096"
"12:27:30,6399961","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 815.616, Length: 4.096"
"12:27:30,6405158","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 819.712, Length: 4.096"
"12:27:30,6410388","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 823.808, Length: 4.096"
"12:27:30,6415589","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 827.904, Length: 4.096"
"12:27:30,6421565","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 832.000, Length: 4.096"
"12:27:30,6430125","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 836.096, Length: 4.096"
"12:27:30,6438499","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 840.192, Length: 4.096"
"12:27:30,6444097","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 844.288, Length: 4.096"
"12:27:30,6449326","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 848.384, Length: 4.096"
"12:27:30,6454542","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 852.480, Length: 4.096"
"12:27:30,6459795","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 856.576, Length: 4.096"
"12:27:30,6465388","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 860.672, Length: 4.096"
"12:27:30,6475688","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 864.768, Length: 4.096"
"12:27:30,6482135","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 868.864, Length: 4.096"
"12:27:30,6488158","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 872.960, Length: 4.096"
"12:27:30,6493406","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 877.056, Length: 4.096"
"12:27:30,6499387","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 881.152, Length: 4.096"
"12:27:30,6504611","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 885.248, Length: 4.096"
"12:27:30,6510611","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 889.344, Length: 4.096"
"12:27:30,6519036","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 893.440, Length: 4.096"
"12:27:30,6528655","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 897.536, Length: 4.096"
"12:27:30,6533898","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 901.632, Length: 4.096"
"12:27:30,6539109","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 905.728, Length: 4.096"
"12:27:30,6544311","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 909.824, Length: 4.096"
"12:27:30,6549521","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 913.920, Length: 4.096"
"12:27:30,6554709","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 918.016, Length: 4.096"
"12:27:30,6559985","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 922.112, Length: 4.096"
"12:27:30,6568368","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 926.208, Length: 4.096"
"12:27:30,6595677","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\kernel32.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,6766677","firefox.exe","6744","LockFile","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Exclusive: True, Offset: 124, Length: 1, Fail Immediately: True"
"12:27:30,6769462","firefox.exe","6744","UnlockFileSingle","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Offset: 124, Length: 1"
"12:27:30,6773866","firefox.exe","6744","LockFile","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Exclusive: False, Offset: 124, Length: 1, Fail Immediately: True"
"12:27:30,6775886","firefox.exe","6744","LockFile","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Exclusive: True, Offset: 120, Length: 1, Fail Immediately: True"
"12:27:30,6802504","firefox.exe","6744","WriteFile","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-wal","SUCCESS","Offset: 295.160, Length: 24"
"12:27:30,6805756","firefox.exe","6744","WriteFile","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-wal","SUCCESS","Offset: 295.184, Length: 32.768"
"12:27:30,6808979","firefox.exe","6744","UnlockFileSingle","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Offset: 120, Length: 1"
"12:27:30,6810957","firefox.exe","6744","UnlockFileSingle","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Offset: 124, Length: 1"
"12:27:30,8107916","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:30,8112273","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:30,8114708","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:30,8117894","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:30,8119891","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:30,8121547","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:30,8123571","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:30,8155671","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:30,8160481","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:30,8198776","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:27:30,8232224","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,8238615","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 3.004.188, Length: 16.200"
"12:27:30,8248663","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:30,8253926","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:30,8259528","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:30,8264762","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:30,8269978","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:30,8275189","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:30,8280395","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:30,8285615","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:30,8290812","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:30,8296032","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:30,8301243","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:30,8306453","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:30,8311660","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:30,8316889","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:30,8322935","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:30,8328472","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:30,8333692","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:30,8338908","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:30,8343797","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 77.824, Length: 4.096"
"12:27:30,8348994","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 81.920, Length: 4.096"
"12:27:30,8354195","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 86.016, Length: 4.096"
"12:27:30,8359401","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 90.112, Length: 4.096"
"12:27:30,8364612","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 94.208, Length: 4.096"
"12:27:30,8369823","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 98.304, Length: 4.096"
"12:27:30,8375024","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 102.400, Length: 4.096"
"12:27:30,8380216","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 106.496, Length: 4.096"
"12:27:30,8385105","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 110.592, Length: 4.096"
"12:27:30,8390302","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 114.688, Length: 4.096"
"12:27:30,8395508","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 118.784, Length: 4.096"
"12:27:30,8400710","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 122.880, Length: 4.096"
"12:27:30,8405963","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 126.976, Length: 4.096"
"12:27:30,8411523","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 131.072, Length: 4.096"
"12:27:30,8416753","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 135.168, Length: 4.096"
"12:27:30,8422005","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 139.264, Length: 4.096"
"12:27:30,8427216","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 143.360, Length: 4.096"
"12:27:30,8432413","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 147.456, Length: 4.096"
"12:27:30,8437615","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 151.552, Length: 4.096"
"12:27:30,8442494","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 155.648, Length: 4.096"
"12:27:30,8447705","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 159.744, Length: 4.096"
"12:27:30,8452906","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 163.840, Length: 4.096"
"12:27:30,8458108","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 167.936, Length: 4.096"
"12:27:30,8463309","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 172.032, Length: 4.096"
"12:27:30,8468502","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 176.128, Length: 4.096"
"12:27:30,8473381","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 180.224, Length: 4.096"
"12:27:30,8478573","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 184.320, Length: 4.096"
"12:27:30,8483775","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 188.416, Length: 4.096"
"12:27:30,8488986","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 192.512, Length: 4.096"
"12:27:30,8494196","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 196.608, Length: 4.096"
"12:27:30,8499836","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 200.704, Length: 4.096"
"12:27:30,8505066","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 204.800, Length: 4.096"
"12:27:30,8510263","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 208.896, Length: 4.096"
"12:27:30,8515487","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 212.992, Length: 4.096"
"12:27:30,8521090","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 217.088, Length: 4.096"
"12:27:30,8526702","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 221.184, Length: 4.096"
"12:27:30,8531922","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 225.280, Length: 4.096"
"12:27:30,8537133","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 229.376, Length: 4.096"
"12:27:30,8545329","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 233.472, Length: 4.096"
"12:27:30,8553391","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 237.568, Length: 4.096"
"12:27:30,8559343","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 241.664, Length: 4.096"
"12:27:30,8567801","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 245.760, Length: 4.096"
"12:27:30,8573399","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 249.856, Length: 4.096"
"12:27:30,8581017","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 253.952, Length: 4.096"
"12:27:30,8587445","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 258.048, Length: 4.096"
"12:27:30,8592670","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:30,8598650","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 266.240, Length: 4.096"
"12:27:30,8603866","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 270.336, Length: 4.096"
"12:27:30,8609520","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 274.432, Length: 512"
"12:27:30,8614334","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.693.446, Length: 16.200"
"12:27:30,8621952","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,8648407","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 26.801, Length: 4.096"
"12:27:30,8654817","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:27:30,8664100","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 4.352, Length: 4.096"
"12:27:30,8667655","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 26.545, Length: 4.096"
"12:27:30,8673314","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:27:30,8714604","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 263.680, Length: 4.096"
"12:27:30,8724265","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:27:30,8727833","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,8735507","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 263.396, Length: 4.096"
"12:27:30,8745486","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 32, Length: 4.096"
"12:27:30,8749087","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 273.889, Length: 1.055"
"12:27:30,8752712","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 240, Length: 4.096"
"12:27:30,8757969","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 216, Length: 4.096"
"12:27:30,8760806","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,8764001","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 270.848, Length: 4.096"
"12:27:30,8773560","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 265.472, Length: 4.096"
"12:27:30,8776811","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 270.848, Length: 4.096"
"12:27:30,8779601","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 265.472, Length: 4.096"
"12:27:30,8782437","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:30,8796031","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,8808118","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 58.640, Length: 4.096"
"12:27:30,8819053","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 60, Length: 4.096"
"12:27:30,8835646","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 58.640, Length: 4.096"
"12:27:30,8858901","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,8863384","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 240.640, Length: 4.096"
"12:27:30,8866939","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 246.784, Length: 4.096"
"12:27:30,8870205","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 242.688, Length: 4.096"
"12:27:30,8878620","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 248.832, Length: 4.096"
"12:27:30,8909890","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 252.928, Length: 4.096"
"12:27:30,8942349","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 257.024, Length: 4.096"
"12:27:30,8998935","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 228.352, Length: 4.096"
"12:27:30,9002173","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 238.592, Length: 4.096"
"12:27:30,9005415","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 230.400, Length: 4.096"
"12:27:30,9008606","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:30,9013747","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 232.448, Length: 4.096"
"12:27:30,9039050","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 236.544, Length: 4.096"
"12:27:30,9068001","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 262.144, Length: 4.096"
"12:27:30,9077228","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,9081618","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 25.600, Length: 4.096"
"12:27:30,9088783","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 123.904, Length: 4.096"
"12:27:30,9093210","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 261.120, Length: 4.096"
"12:27:30,9102022","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 84.992, Length: 4.096"
"12:27:30,9121727","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 23.552, Length: 4.096"
"12:27:30,9137752","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 113.664, Length: 4.096"
"12:27:30,9240106","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 26.801, Length: 4.096"
"12:27:30,9242845","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:30,9250122","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 26.801, Length: 4.096"
"12:27:30,9321086","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 0, Length: 61.440"
"12:27:30,9324333","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 61.440, Length: 61.440"
"12:27:30,9327165","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 122.880, Length: 61.440"
"12:27:30,9330766","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 184.320, Length: 61.440"
"12:27:30,9333962","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 245.760, Length: 29.184"
"12:27:30,9426622","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 26.801, Length: 4.096"
"12:27:30,9575049","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 0, Length: 61.440"
"12:27:30,9578697","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 61.440, Length: 61.440"
"12:27:30,9581888","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 122.880, Length: 61.440"
"12:27:30,9584733","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 184.320, Length: 61.440"
"12:27:30,9587896","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 245.760, Length: 29.184"
"12:27:30,9657349","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 3.072, Length: 4.096"
"12:27:30,9662140","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 7.168, Length: 4.096"
"12:27:30,9666548","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 11.264, Length: 4.096"
"12:27:30,9670961","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 15.360, Length: 4.096"
"12:27:30,9675010","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 19.456, Length: 4.096"
"12:27:30,9679400","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 29.696, Length: 4.096"
"12:27:30,9683799","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 33.792, Length: 4.096"
"12:27:30,9687839","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 37.888, Length: 4.096"
"12:27:30,9692205","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 41.984, Length: 4.096"
"12:27:30,9696250","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 46.080, Length: 4.096"
"12:27:30,9700635","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 50.176, Length: 4.096"
"12:27:30,9704670","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 54.272, Length: 4.096"
"12:27:30,9708701","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 58.368, Length: 4.096"
"12:27:30,9713081","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 62.464, Length: 4.096"
"12:27:30,9717504","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 66.560, Length: 4.096"
"12:27:30,9721894","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 70.656, Length: 4.096"
"12:27:30,9725924","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 74.752, Length: 4.096"
"12:27:30,9730305","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 78.848, Length: 4.096"
"12:27:30,9734344","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 82.944, Length: 4.096"
"12:27:30,9737199","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 87.040, Length: 4.096"
"12:27:30,9741566","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 91.136, Length: 4.096"
"12:27:30,9745937","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 95.232, Length: 4.096"
"12:27:30,9749991","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 99.328, Length: 4.096"
"12:27:30,9754035","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 103.424, Length: 4.096"
"12:27:30,9758420","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 107.520, Length: 4.096"
"12:27:30,9762460","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 111.616, Length: 4.096"
"12:27:30,9765633","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 115.712, Length: 4.096"
"12:27:30,9769668","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 119.808, Length: 4.096"
"12:27:30,9774076","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 125.952, Length: 4.096"
"12:27:30,9778107","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 130.048, Length: 4.096"
"12:27:30,9783672","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 134.144, Length: 4.096"
"12:27:30,9787726","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 138.240, Length: 4.096"
"12:27:30,9792125","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 142.336, Length: 4.096"
"12:27:30,9796160","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 146.432, Length: 4.096"
"12:27:30,9800508","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 150.528, Length: 4.096"
"12:27:30,9804581","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 154.624, Length: 4.096"
"12:27:30,9808611","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 158.720, Length: 4.096"
"12:27:30,9812964","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 162.816, Length: 4.096"
"12:27:30,9817367","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 166.912, Length: 4.096"
"12:27:30,9821841","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 171.008, Length: 4.096"
"12:27:30,9826222","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 175.104, Length: 4.096"
"12:27:30,9830266","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 179.200, Length: 4.096"
"12:27:30,9834633","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 183.296, Length: 4.096"
"12:27:30,9838682","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 187.392, Length: 4.096"
"12:27:30,9843030","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 191.488, Length: 4.096"
"12:27:30,9847083","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 195.584, Length: 4.096"
"12:27:30,9851469","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 199.680, Length: 4.096"
"12:27:30,9855508","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 203.776, Length: 4.096"
"12:27:30,9859534","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 207.872, Length: 4.096"
"12:27:30,9863919","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 211.968, Length: 4.096"
"12:27:30,9867955","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 216.064, Length: 4.096"
"12:27:30,9871981","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 220.160, Length: 4.096"
"12:27:30,9876002","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 224.256, Length: 4.096"
"12:27:30,9955638","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 26.801, Length: 4.096"
"12:27:31,0310290","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Offset: 0, Length: 4.096"
"12:27:31,1015978","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:31,1020793","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:31,1029852","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:31,1033057","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:31,1035385","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:31,1037064","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:31,1039406","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:31,1074328","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:31,1078797","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:31,1098512","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 176, Length: 4.096"
"12:27:31,1129870","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:31,1136251","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 96.288, Length: 16.200"
"12:27:31,1161498","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,1165958","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\WININET.dll.mui","SUCCESS","Filter: WININET.dll.mui, 1: wininet.dll.mui"
"12:27:31,1170357","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:31,1197237","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,1202476","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:31,1204496","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:31,1210882","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,1214511","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:31,1224784","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:31,1260084","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,1264082","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:31,1266069","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:31,1276938","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,1282536","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:31,1286973","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:31,1303809","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,1308166","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:31,1311791","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:31,1369618","svchost.exe","948","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read"
"12:27:31,1373173","svchost.exe","948","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:31,1375207","svchost.exe","948","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","REPARSE","Desired Access: Read"
"12:27:31,1378010","svchost.exe","948","RegOpenKey","HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC","NAME NOT FOUND","Desired Access: Read"
"12:27:31,1380767","svchost.exe","948","RegCloseKey","HKLM","SUCCESS",""
"12:27:31,1408883","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 50.892, Length: 4.096"
"12:27:31,1414547","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 512, Length: 4.096"
"12:27:31,1427758","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 32, Length: 4.096"
"12:27:31,1431756","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 57.801, Length: 567"
"12:27:31,1435380","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 176, Length: 4.096"
"12:27:31,1438627","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:31,1441776","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 54.272, Length: 4.096"
"12:27:31,1444225","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 48.896, Length: 4.096"
"12:27:31,1447010","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 54.272, Length: 4.096"
"12:27:31,1449786","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 48.896, Length: 4.096"
"12:27:31,1452627","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:31,1463865","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:31,1498801","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 5.476, Length: 4.096"
"12:27:31,1509568","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:31,1519187","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 55.808, Length: 2.560"
"12:27:31,1528475","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:31,1554529","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:31,1663448","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:31,1729644","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 4.096, Length: 54.272"
"12:27:31,1824325","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:31,1864019","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,1868843","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\WININET.dll.mui","SUCCESS","Filter: WININET.dll.mui, 1: wininet.dll.mui"
"12:27:31,1873265","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:31,1960715","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 25.088, Length: 4.096"
"12:27:31,2022942","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 58.368"
"12:27:31,2084674","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,2087505","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,2089525","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976410, endtime: 976410, seqnum: 0, connid: 0"
"12:27:31,2129817","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:31,2212882","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.188.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,2215718","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.188.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,2224115","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.188.119, Length: 2.920"
"12:27:31,2230376","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.191.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,2432006","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,2435244","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976410, endtime: 976410, seqnum: 0, connid: 0"
"12:27:31,2446426","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,2448073","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,2449659","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976410, endtime: 976410, seqnum: 0, connid: 0"
"12:27:31,2457556","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 29.184, Length: 4.096"
"12:27:31,2491219","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.191.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,2494037","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.191.039, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,2495665","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.191.039, Length: 1.460"
"12:27:31,2498455","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.192.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,2545599","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.192.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,2548421","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.192.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,2550077","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.192.499, Length: 2.920"
"12:27:31,2553259","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.195.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,2649353","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 536, Length: 4.096"
"12:27:31,2754946","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,2757749","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,2759760","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976410, endtime: 976410, seqnum: 0, connid: 0"
"12:27:31,2767821","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,2769794","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976410, endtime: 976410, seqnum: 0, connid: 0"
"12:27:31,2775798","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 4.632, Length: 4.096"
"12:27:31,2781018","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 8.728, Length: 4.096"
"12:27:31,2789942","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 12.824, Length: 4.096"
"12:27:31,2795176","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 16.920, Length: 4.096"
"12:27:31,2799599","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 21.016, Length: 4.096"
"12:27:31,2804362","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 27.136, Length: 4.096"
"12:27:31,2807562","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 31.232, Length: 4.096"
"12:27:31,2811611","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 35.328, Length: 4.096"
"12:27:31,2815982","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 39.424, Length: 4.096"
"12:27:31,2825742","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 43.520, Length: 4.096"
"12:27:31,2832184","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 47.616, Length: 4.096"
"12:27:31,2834885","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.195.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,2836966","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 51.712, Length: 4.096"
"12:27:31,2837301","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.195.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,2838906","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.195.419, Length: 2.920"
"12:27:31,2841659","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.198.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,2873362","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.198.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,2876161","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.198.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,2878106","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.198.339, Length: 1.460"
"12:27:31,2880929","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.199.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,3051257","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\wininet.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:31,3071718","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,3074526","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,3076532","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976411, endtime: 976411, seqnum: 0, connid: 0"
"12:27:31,3126247","winlogon.exe","388","Thread Exit","","SUCCESS","Thread ID: 9728, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:27:31,3161598","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.199.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,3164411","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.199.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,3166030","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.199.799, Length: 2.920"
"12:27:31,3169239","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.202.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,3389740","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,3392539","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,3394526","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976411, endtime: 976411, seqnum: 0, connid: 0"
"12:27:31,3402578","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,3404561","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976411, endtime: 976411, seqnum: 0, connid: 0"
"12:27:31,3560596","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.202.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,3563446","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.202.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,3565415","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.202.719, Length: 2.920"
"12:27:31,3568237","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.205.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,3611430","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.205.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,3615377","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.206.784, EndOfFile: 409.205.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,3621437","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.205.639, Length: 1.460, Priority: Normal"
"12:27:31,3641902","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","END OF FILE","Offset: 409.206.784, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:31,3646716","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.207.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,3711340","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,3714172","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,3716528","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976411, endtime: 976411, seqnum: 0, connid: 0"
"12:27:31,3803302","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.207.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,3806133","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.207.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,3808088","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.207.099, Length: 2.920"
"12:27:31,3810514","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.210.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,4038245","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,4041058","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,4042611","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,4044281","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976412, endtime: 976412, seqnum: 0, connid: 0"
"12:27:31,4137437","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.210.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,4140670","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.210.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,4142648","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.210.019, Length: 4.380"
"12:27:31,4145498","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.214.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,4357713","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,4360517","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,4362537","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976412, endtime: 976412, seqnum: 0, connid: 0"
"12:27:31,4372968","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,4374582","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,4376154","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976412, endtime: 976412, seqnum: 0, connid: 0"
"12:27:31,4425524","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.214.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,4428351","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.214.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,4431518","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.214.399, Length: 2.920"
"12:27:31,4434383","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.217.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,4475472","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.217.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,4478299","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.217.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,4480258","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.217.319, Length: 2.920"
"12:27:31,4482731","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.220.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,4633228","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:31,4635701","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:31,4638071","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:31,4641303","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:31,4645283","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:31,4685565","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,4688392","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,4690412","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976412, endtime: 976412, seqnum: 0, connid: 0"
"12:27:31,4701179","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,4702793","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,4704048","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976412, endtime: 976412, seqnum: 0, connid: 0"
"12:27:31,4810634","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.220.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,4813479","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.220.239, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,4815131","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.220.239, Length: 2.920"
"12:27:31,4818713","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.223.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5005817","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5009078","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976413, endtime: 976413, seqnum: 0, connid: 0"
"12:27:31,5031484","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5033481","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5034675","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5035934","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976413, endtime: 976413, seqnum: 0, connid: 0"
"12:27:31,5191144","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.223.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5193975","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.223.159, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5195944","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.223.159, Length: 2.920"
"12:27:31,5198794","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.226.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5238092","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.226.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5241735","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.226.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5243709","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.226.079, Length: 5.840"
"12:27:31,5246559","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.231.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5335894","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5338716","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5340731","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976413, endtime: 976413, seqnum: 0, connid: 0"
"12:27:31,5350808","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5352730","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5353985","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976413, endtime: 976413, seqnum: 0, connid: 0"
"12:27:31,5409013","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.231.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5412614","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.231.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5415021","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.231.919, Length: 2.920"
"12:27:31,5418217","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.234.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5461116","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.234.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5465105","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.234.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5467120","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.234.839, Length: 2.920"
"12:27:31,5469551","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.237.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5655610","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5658455","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5660797","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976413, endtime: 976413, seqnum: 0, connid: 0"
"12:27:31,5670873","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5672492","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5674060","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976413, endtime: 976413, seqnum: 0, connid: 0"
"12:27:31,5718344","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.237.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5721489","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.237.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5723518","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.237.759, Length: 2.920"
"12:27:31,5727082","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.240.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5770872","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.240.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5773233","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.240.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5774842","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.240.679, Length: 2.920"
"12:27:31,5780921","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.243.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,5940058","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:31,5944406","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:31,5946836","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:31,5949211","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:31,5950876","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:31,5952845","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:31,5954869","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:31,5977555","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5980377","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5982397","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976414, endtime: 976414, seqnum: 0, connid: 0"
"12:27:31,5989791","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\sechost.dll.mui","SUCCESS","Offset: 0, Length: 2.048, I/O Flags: Synchronous"
"12:27:31,5992819","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5994587","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\sechost.dll.mui","SUCCESS","Offset: 0, Length: 2.048, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:31,5994834","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,5996411","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976414, endtime: 976414, seqnum: 0, connid: 0"
"12:27:31,6012617","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\sechost.dll.mui","SUCCESS","Offset: 184, Length: 1.864"
"12:27:31,6033848","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\sechost.dll.mui","SUCCESS","Offset: 0, Length: 2.048"
"12:27:31,6039492","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 483.792, Length: 16.200"
"12:27:31,6043052","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 483.328, Length: 12.288, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:31,6059972","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.243.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,6067174","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.243.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,6069992","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.243.599, Length: 2.920"
"12:27:31,6073957","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.246.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,6074345","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,6082326","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\sechost.dll.mui","SUCCESS","Filter: sechost.dll.mui, 1: sechost.dll.mui"
"12:27:31,6090868","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:31,6094600","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.246.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,6097432","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.246.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,6099400","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.246.519, Length: 2.920"
"12:27:31,6102283","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.249.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,6122039","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,6128001","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:31,6130394","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:31,6136823","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,6140462","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:31,6144058","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:31,6172510","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,6175762","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:31,6177385","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:31,6184676","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,6189117","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:31,6192369","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:31,6205967","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,6209597","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:31,6212811","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:31,6296888","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,6299711","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,6301735","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976414, endtime: 976414, seqnum: 0, connid: 0"
"12:27:31,6312171","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,6314107","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:31,6315357","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976414, endtime: 976414, seqnum: 0, connid: 0"
"12:27:31,6510956","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6520146","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:31,6523379","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:31,6541843","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:31,6583133","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6589589","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: ANCI"
"12:27:31,6591586","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:31,6598014","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6602805","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:31,6606817","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,6621600","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6626055","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:31,6629307","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:31,6642467","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6646875","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:31,6649735","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:31,6662979","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6667387","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:31,6670559","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:31,6693077","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6697845","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: ANCI"
"12:27:31,6699478","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:31,6702211","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,6707049","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\sechost.dll.mui","SUCCESS","Filter: sechost.dll.mui, 1: sechost.dll.mui"
"12:27:31,6711812","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:31,6722719","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6726768","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: DNCI"
"12:27:31,6728391","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:31,6749636","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6753648","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:31,6755276","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:31,6776511","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6780513","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:31,6782128","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:31,6802957","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6806973","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:31,6808597","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:31,6829883","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6833872","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:31,6835486","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:31,6855919","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6859921","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:31,6861540","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:31,6882817","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6886791","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:31,6888420","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:31,6908880","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6912538","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:31,6914156","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:31,6935755","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6939417","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:31,6941031","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:31,6946643","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6951038","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,6957452","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6963032","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:31,6965033","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,6978328","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,6983963","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:31,6986725","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:31,6995467","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:31,6998677","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x6300000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:31,7001499","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:31,7013134","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7020369","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:31,7023117","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:31,7039645","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:31,7079414","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7084685","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: ANCI"
"12:27:31,7086682","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:31,7093101","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7097878","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:31,7101573","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,7115521","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7121184","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:31,7124776","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:31,7137647","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7142046","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:31,7145228","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:31,7158472","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7162880","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:31,7165735","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:31,7188580","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7193007","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: ANCI"
"12:27:31,7194639","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:31,7216276","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7221076","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: DNCI"
"12:27:31,7222699","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:31,7243594","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7247928","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:31,7249551","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:31,7270819","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7274831","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:31,7276454","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:31,7297311","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7301319","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:31,7302933","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:31,7335821","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7341433","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:31,7343765","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:31,7367506","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7372301","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:31,7374261","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:31,7397572","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7402372","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:31,7404005","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:31,7434462","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7440051","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:31,7442486","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:31,7470206","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7475426","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:31,7478164","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:31,7486869","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7495747","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,7505338","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7511379","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:31,7513418","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,7531009","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7537074","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:31,7539854","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:31,7548601","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:31,7551796","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x6300000005af59, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:31,7554623","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:31,7574636","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:27:31,7614620","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7620992","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: ANCI"
"12:27:31,7623003","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:31,7629436","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7634232","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:31,7638248","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,7652304","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7657095","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:31,7660692","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:31,7674001","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7678414","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:31,7681950","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:31,7695618","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7700031","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:31,7703232","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:31,7724733","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:31,7727303","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7727569","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:31,7730811","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:31,7731772","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: ANCI"
"12:27:31,7734165","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:31,7736209","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:31,7741387","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:31,7744582","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:31,7747036","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:31,7750670","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:31,7753861","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:31,7756212","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:31,7756618","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7758223","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:31,7760224","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:31,7760989","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: DNCI"
"12:27:31,7762654","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:31,7763065","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:31,7765495","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:31,7767525","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:31,7769498","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:31,7771481","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:31,7778320","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:31,7781884","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:31,7784715","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:31,7787057","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7791111","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:31,7793066","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:31,7815570","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7820832","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:31,7822782","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:31,7844460","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7848486","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:31,7850119","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:31,7872175","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7876177","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:31,7878137","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:31,7898984","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7902684","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:31,7904638","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:31,7929074","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7932773","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:31,7934714","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:31,7956420","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7960413","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:31,7962051","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:31,7983258","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7986934","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:31,7988888","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:31,7994533","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,7998946","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,8005715","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8011005","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:31,8013352","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,8027048","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8032231","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:31,8035809","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:31,8038244","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:31,8046940","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,8050144","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:31,8054945","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:31,8249876","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:31,8288045","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8292874","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: DNCI"
"12:27:31,8294875","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:31,8301261","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8306076","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:31,8309738","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,8331747","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8338171","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:31,8342192","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:31,8357820","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8362270","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:31,8365806","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:31,8379498","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8383911","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:31,8387107","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:31,8410362","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8414411","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: DNCI"
"12:27:31,8416767","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:31,8439271","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8443646","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: DNCI"
"12:27:31,8445284","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:31,8467354","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8474505","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:31,8477346","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:31,8506260","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8511415","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:31,8513048","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:31,8536359","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8540776","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:31,8542717","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:31,8572890","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8578474","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:31,8580499","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:31,8604164","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8608568","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:31,8610541","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:31,8637211","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8642016","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:31,8643999","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:31,8674079","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8678496","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:31,8680134","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:31,8702199","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8706584","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:31,8708217","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:31,8714193","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8722683","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,8730665","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8737103","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:31,8739123","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,8754354","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8760386","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:27:31,8763152","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:27:31,8771507","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:27:31,8777502","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:27:31,8781518","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:27:31,8783958","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:31,8792369","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8798378","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:31,8800808","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:31,8817602","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:31,8839332","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:31,8882516","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8888557","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:31,8891346","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:31,8899804","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8906190","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:31,8911042","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,8931456","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8944024","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:31,8949192","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:31,8966891","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8972447","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:31,8975690","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:31,8990953","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,8995740","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:31,8998945","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:31,9024630","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9029454","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:31,9031427","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:31,9053889","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9057948","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:31,9059888","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:31,9081221","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9085583","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:31,9086189","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:31,9087225","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:31,9090570","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:31,9093019","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:31,9095072","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:31,9097026","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:31,9098678","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:31,9101033","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:31,9108493","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9112500","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:31,9114128","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:31,9137798","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9138372","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:31,9142179","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:31,9143196","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:31,9143816","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:31,9160643","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:31,9165485","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9169824","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:31,9171452","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:31,9179881","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:31,9185475","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.657.184, Length: 16.200"
"12:27:31,9192696","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9196377","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:31,9198313","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:31,9205571","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,9209999","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\shlwapi.DLL.mui","SUCCESS","Filter: shlwapi.DLL.mui, 1: shlwapi.dll.mui"
"12:27:31,9214398","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:31,9220831","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9224847","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:31,9226461","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:31,9243628","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,9249236","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:31,9250491","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9251279","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:31,9254526","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:31,9256149","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:31,9258090","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,9261752","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:31,9262956","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9265330","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:31,9267798","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,9275001","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9280976","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:31,9283020","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,9294202","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,9297066","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9297794","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:31,9299436","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:31,9302655","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:27:31,9305435","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:27:31,9305874","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,9309829","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:31,9313081","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:31,9314168","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:27:31,9320573","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:31,9327556","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,9331508","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:31,9335109","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:31,9343469","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:27:31,9426226","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 4.096, Length: 512"
"12:27:31,9430592","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:31,9434189","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:31,9436027","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:31,9460098","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9464540","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: DNCI"
"12:27:31,9466522","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:31,9472554","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9477336","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:31,9481376","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,9495016","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9495207","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 4.096, Length: 512"
"12:27:31,9499774","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:31,9502811","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:31,9503418","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:31,9518980","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9527405","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:31,9531855","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:31,9548710","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9553496","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:31,9556701","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:31,9581566","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:31,9604046","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9608086","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: DNCI"
"12:27:31,9610041","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:31,9628029","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 4.096, Length: 512"
"12:27:31,9633706","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9637737","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:31,9639370","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:31,9642453","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:31,9654419","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 4.096, Length: 512"
"12:27:31,9661389","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9665410","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:31,9667028","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:31,9687900","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9691902","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:31,9693526","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:31,9700117","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 0, Length: 4.608"
"12:27:31,9714793","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9721618","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:31,9723564","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:31,9744062","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9748055","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:31,9749669","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:31,9770508","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9774184","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:31,9776115","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:31,9783607","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:31,9796618","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9800597","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:31,9802216","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:31,9822093","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:31,9825508","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9828395","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\shlwapi.DLL.mui","SUCCESS","Filter: shlwapi.DLL.mui, 1: shlwapi.dll.mui"
"12:27:31,9829529","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:31,9831148","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:31,9834782","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:31,9837114","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9841527","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,9847974","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:31,9853586","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:31,9855611","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:31,9869667","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:27:31,9956431","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:31,9959627","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:31,9969876","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,9972283","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:31,9974340","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:31,9983964","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:31,9986371","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:31, ChangeTime: 06.10.2013 12:27:31, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:31,9988801","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:27:32,0003515","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 4.096, Length: 512"
"12:27:32,0013265","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:32,0053449","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0059019","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: ANCI"
"12:27:32,0061002","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:32,0067090","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0071866","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:32,0075864","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:32,0089472","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0093895","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:32,0097146","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:32,0110008","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0114388","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:32,0118395","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:32,0131648","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0136038","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:32,0139229","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:32,0140727","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\shlwapi.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:32,0161756","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0166188","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, FileAttributes: ANCI"
"12:27:32,0168138","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:32,0189770","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0193805","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:31, ChangeTime: 06.10.2013 12:27:31, FileAttributes: DNCI"
"12:27:32,0195428","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:32,0216323","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0220689","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:32,0222313","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:32,0243566","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0247560","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:32,0249178","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:32,0269676","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0273670","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:32,0275284","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:32,0296925","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0300918","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:32,0302537","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:32,0325381","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0329067","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:32,0331003","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:32,0351515","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0355494","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:32,0357108","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:32,0377592","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0381571","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:32,0383190","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:32,0404056","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0408036","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:32,0409659","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:32,0415252","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0419717","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:32,0426141","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0431706","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:32,0433712","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:32,0447823","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0455427","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:32,0459383","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:32,0461823","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:32,0470155","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:32,0473742","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:27:32,0477386","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:32,0479788","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:29, LastWriteTime: 06.10.2013 12:27:29, ChangeTime: 06.10.2013 12:27:29, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:32,0512662","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:32,0554153","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0559751","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: ANCI"
"12:27:32,0561747","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:32,0568157","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0572976","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:32,0577002","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:32,0591011","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0595461","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:32,0599049","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:32,0612363","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0620186","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:32,0639042","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:32,0666663","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0672275","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:32,0675545","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:32,0701236","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0706395","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: ANCI"
"12:27:32,0708042","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:32,0742143","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0747340","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:32, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: DNCI"
"12:27:32,0748982","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:32,0779454","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0783867","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:32,0785817","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:32,0809916","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0813965","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:32,0822404","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:32,0856272","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0861152","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:32,0863158","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:32,0886403","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0890807","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:32,0892435","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:32,0914454","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0919660","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:32,0921293","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:32,0928794","AUDIODG.EXE","5852","Thread Exit","","SUCCESS","Thread ID: 9752, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:27:32,0943382","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0947781","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:32,0949745","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:32,0971866","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,0976223","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:32,0977856","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:32,0999931","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1003980","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:32,1005930","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:32,1011920","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1016408","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:32,1025238","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1035828","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:32,1039005","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:32,1057030","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1066309","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:32,1071100","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:32,1074729","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:32,1083840","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:32,1088249","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: ANCI"
"12:27:32,1104236","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:27:32,1188075","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:32,1213368","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1230629","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:32, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: DNCI"
"12:27:32,1233839","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:32,1241895","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1248263","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:32,1252699","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:32,1268346","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1273150","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:32,1276411","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:32,1291591","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1296046","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:32,1299256","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:32,1313283","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1320085","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:32,1323304","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:32,1364678","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:32,1397967","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1403201","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:32, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: DNCI"
"12:27:32,1405221","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:32,1437676","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1442117","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:32,1444099","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:32,1498269","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1503545","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:32,1505962","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:32,1535617","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1541248","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:32,1544033","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:32,1612618","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1634683","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:32,1637034","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:32,1661955","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1666746","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:32,1668393","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:32,1691452","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,1692049","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1694675","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976419, endtime: 976419, seqnum: 0, connid: 0"
"12:27:32,1696448","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:32,1698062","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:32,1710732","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,1712705","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,1713890","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,1714749","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,1716316","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976419, endtime: 976419, seqnum: 0, connid: 0"
"12:27:32,1736534","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1741404","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:32,1743387","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:32,1767085","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1771470","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:32,1774274","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:32,1780660","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1785470","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:32,1792309","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1797963","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:32,1800314","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:32,1807974","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: ANCI"
"12:27:32,1820840","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:32,1871199","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:32,1938874","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:32,1940898","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:32, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:27:32,1958966","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:32,1961396","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:32,1966551","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:27:32,2037156","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,2039997","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,2042418","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976420, endtime: 976420, seqnum: 0, connid: 0"
"12:27:32,2059264","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,2061274","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,2062856","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,2064885","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976420, endtime: 976420, seqnum: 0, connid: 0"
"12:27:32,2432240","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,2436233","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976420, endtime: 976420, seqnum: 0, connid: 0"
"12:27:32,2456675","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,2459842","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,2461498","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,2463453","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,2465524","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976420, endtime: 976420, seqnum: 0, connid: 0"
"12:27:32,2606221","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.249.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2610228","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.249.439, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2612640","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.249.439, Length: 2.920"
"12:27:32,2619791","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.252.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2638857","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.252.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2641693","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.252.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2644049","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.252.359, Length: 2.920"
"12:27:32,2647254","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.255.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2673691","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.255.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2676923","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.255.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2678911","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.255.279, Length: 1.460"
"12:27:32,2681728","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.256.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2705063","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.256.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2708613","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.256.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2711043","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.256.739, Length: 5.840"
"12:27:32,2714691","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.262.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2759270","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,2759349","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.262.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2762134","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976420, endtime: 976420, seqnum: 0, connid: 0"
"12:27:32,2762494","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.262.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2764182","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.262.579, Length: 5.840"
"12:27:32,2767742","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.268.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2780188","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,2782604","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,2783472","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,2784648","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,2786238","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976420, endtime: 976421, seqnum: 0, connid: 0"
"12:27:32,2860281","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.268.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2866327","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.268.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2869140","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.268.419, Length: 1.460"
"12:27:32,2873576","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.269.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2900503","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.269.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2904072","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.269.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2906507","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.269.879, Length: 1.460"
"12:27:32,2909693","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.271.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2951878","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.271.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2955060","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.272.320, EndOfFile: 409.271.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2960229","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.271.339, Length: 2.920, Priority: Normal"
"12:27:32,2980732","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.274.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2983157","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.274.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2985518","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.274.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,2987118","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.274.259, Length: 2.920"
"12:27:32,2989926","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.277.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3030222","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.277.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3033479","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.277.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3035475","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.277.179, Length: 7.300"
"12:27:32,3038699","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.284.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3084281","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3087467","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976421, endtime: 976421, seqnum: 0, connid: 0"
"12:27:32,3105912","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3108310","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3109933","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976421, endtime: 976421, seqnum: 0, connid: 0"
"12:27:32,3125920","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3129069","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3131509","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976421, endtime: 976421, seqnum: 0, connid: 0"
"12:27:32,3152721","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.284.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3156322","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.284.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3159807","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.284.479, Length: 1.460"
"12:27:32,3164621","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.285.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3193064","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.285.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3195503","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.285.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3197453","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.285.939, Length: 2.920"
"12:27:32,3200280","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.288.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3225971","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.288.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3229245","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.288.859, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3231592","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.288.859, Length: 2.920"
"12:27:32,3234060","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.291.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3435560","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3438041","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3440052","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976421, endtime: 976421, seqnum: 0, connid: 0"
"12:27:32,3452895","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3454877","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3456487","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3458455","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976421, endtime: 976421, seqnum: 0, connid: 0"
"12:27:32,3490392","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.291.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3493555","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.291.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3495953","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.291.779, Length: 2.920"
"12:27:32,3499554","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.294.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3526933","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.294.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3529312","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.294.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3530922","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.294.699, Length: 4.380"
"12:27:32,3533413","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.299.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3834277","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3837076","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3839432","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976422, endtime: 976422, seqnum: 0, connid: 0"
"12:27:32,3856333","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3858297","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3859151","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3860312","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,3862337","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976422, endtime: 976422, seqnum: 0, connid: 0"
"12:27:32,3893112","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.299.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3895930","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.299.079, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3897549","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.299.079, Length: 2.920"
"12:27:32,3900777","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.301.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3942864","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:32,3943028","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.301.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3946274","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.301.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3947259","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,3948276","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.301.999, Length: 4.380"
"12:27:32,3949699","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:32,3951471","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.306.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3952101","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:32,3954065","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:32,3955716","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:32,3957732","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:32,3974036","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.306.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3977623","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.306.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3980068","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.306.379, Length: 1.460"
"12:27:32,3983324","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.307.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,3991413","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ole32.dll.mui","SUCCESS","Offset: 0, Length: 3.072, I/O Flags: Synchronous"
"12:27:32,3996213","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ole32.dll.mui","SUCCESS","Offset: 0, Length: 3.072, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:32,4013712","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ole32.dll.mui","SUCCESS","Offset: 184, Length: 2.888"
"12:27:32,4032638","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\ole32.dll.mui","SUCCESS","Offset: 0, Length: 3.072"
"12:27:32,4038208","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 375.090, Length: 16.200"
"12:27:32,4059447","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:32,4063888","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\ole32.dll.mui","SUCCESS","Filter: ole32.dll.mui, 1: ole32.dll.mui"
"12:27:32,4068315","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:32,4095209","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:32,4100789","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:32,4102808","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:32,4109232","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:32,4112876","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:32,4116873","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:32,4140133","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","REPARSE","Desired Access: All Access"
"12:27:32,4144173","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:32,4145764","svchost.exe","884","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"12:27:32,4147732","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:32,4149752","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:32,4151012","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: All Access"
"12:27:32,4155789","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"12:27:32,4156559","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:32,4159390","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Default","NAME NOT FOUND","Length: 44"
"12:27:32,4160207","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:32,4162595","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: ##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:32,4163822","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:32,4164032","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,4166887","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,4167419","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:32,4168907","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976422, endtime: 976422, seqnum: 0, connid: 0"
"12:27:32,4171855","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:32,4175466","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:32,4177831","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:32,4179426","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:32,4181801","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:32,4182673","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:32,4185057","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:32,4185706","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,4187334","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,4187702","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:32,4188192","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,4189354","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,4190912","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976422, endtime: 976422, seqnum: 0, connid: 0"
"12:27:32,4192069","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:32,4196052","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:32,4198856","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:32,4201692","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:32,4204547","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4206941","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: ##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:32,4210103","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Read"
"12:27:32,4212949","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 0, Name: #"
"12:27:32,4215356","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Read"
"12:27:32,4221775","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS","Desired Access: Read"
"12:27:32,4225013","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:27:32,4226664","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.307.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,4229491","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.307.839, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,4229654","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\Control","SUCCESS",""
"12:27:32,4233209","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 144, Data: \\?\NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}"
"12:27:32,4233769","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.307.839, Length: 2.920"
"12:27:32,4236815","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:32,4238187","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.310.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,4239661","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Index: 1, Name: Control"
"12:27:32,4242842","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:32,4246038","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4248851","svchost.exe","884","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","NO MORE ENTRIES","Index: 2, Length: 512"
"12:27:32,4252060","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4261279","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4264908","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:32,4266718","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.310.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,4268575","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4269867","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.310.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,4271901","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.310.759, Length: 5.840"
"12:27:32,4272125","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:32,4275493","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.316.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,4275768","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4278968","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4282178","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:32,4285401","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4288583","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:32,4291820","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4294624","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:32,4297866","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4301006","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:32,4306576","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4310518","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:32,4313797","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4317007","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:32,4320207","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4322623","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4324970","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:32,4327027","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4329038","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:32,4331421","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4333423","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:32,4335797","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4337453","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:32,4351080","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4354303","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:32,4357555","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4359929","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:32,4362733","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4364776","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4366787","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:32,4369129","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4370813","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:32,4373187","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4375170","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&6c76d36&0"
"12:27:32,4377213","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4379158","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&6c76d36&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:32,4390084","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4393275","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:32,4396512","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4398887","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\Properties","NAME NOT FOUND","Desired Access: Query Value"
"12:27:32,4401312","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4425244","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4428449","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:32,4431658","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4434023","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS","Desired Access: Query Value"
"12:27:32,4436818","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4438847","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4440862","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:32,4442896","svchost.exe","884","RegQueryKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,4444893","svchost.exe","884","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS","Desired Access: Query Value"
"12:27:32,4447263","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4448933","svchost.exe","884","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 58, Data: NUSB3\ROOT_HUB30\5&f7e7d32&0"
"12:27:32,4451279","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}","SUCCESS",""
"12:27:32,4453271","svchost.exe","884","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\##?#NUSB3#ROOT_HUB30#5&f7e7d32&0#{c7426f31-6b8e-47d5-bae8-35faf7ff53d9}\#","SUCCESS",""
"12:27:32,4483580","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,4486724","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,4488744","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976422, endtime: 976422, seqnum: 0, connid: 0"
"12:27:32,4503238","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,4504857","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,4506032","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,4507199","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,4508454","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976422, endtime: 976422, seqnum: 0, connid: 0"
"12:27:32,4550070","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.316.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,4553224","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.316.599, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,4554856","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.316.599, Length: 2.920"
"12:27:32,4558462","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.319.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,4592652","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.319.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,4595460","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.319.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,4597093","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.319.519, Length: 5.840"
"12:27:32,4600289","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.325.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,4627929","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:32,4631199","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:32,4634325","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:32,4638360","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:32,4643169","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:32,4716965","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:32,4722227","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\ole32.dll.mui","SUCCESS","Filter: ole32.dll.mui, 1: ole32.dll.mui"
"12:27:32,4726650","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:32,4800837","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:32,4804448","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976423, endtime: 976423, seqnum: 0, connid: 0"
"12:27:32,4867598","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.325.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,4870439","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.325.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,4872081","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.325.359, Length: 1.460"
"12:27:32,4875640","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.326.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:32,6065826","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:32,6070193","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:32,6072623","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:32,6075007","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:32,6078198","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:32,6081407","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:32,6084197","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:32,6125314","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\msctf.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:32,6130147","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\msctf.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:32,6147604","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\msctf.dll.mui","SUCCESS","Offset: 184, Length: 3.912"
"12:27:32,6167714","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\msctf.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:32,6174936","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 286.476, Length: 16.200"
"12:27:32,6195863","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:32,6200617","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\MSCTF.dll.mui","SUCCESS","Filter: MSCTF.dll.mui, 1: msctf.dll.mui"
"12:27:32,6205034","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:32,6245578","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:32,6251190","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:32,6253205","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:32,6260063","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:32,6264019","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:32,6267256","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:32,6300980","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:32,6308560","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:32,6310221","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:32,6318193","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:32,6322168","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:32,6325429","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:32,6339065","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:32,6342699","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:32,6346692","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:32,6852224","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:32,6857416","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\MSCTF.dll.mui","SUCCESS","Filter: MSCTF.dll.mui, 1: msctf.dll.mui"
"12:27:32,6862184","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:32,7552426","Explorer.EXE","2816","ReadFile","C:\Windows\System32\thumbcache.dll","SUCCESS","Offset: 102.400, Length: 6.144, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:32,7578037","Explorer.EXE","2816","ReadFile","C:\Windows\System32\thumbcache.dll","SUCCESS","Offset: 95.744, Length: 3.584, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:32,7587264","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","SUCCESS",""
"12:27:32,7590922","Explorer.EXE","2816","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","SUCCESS","CreationTime: 26.08.2013 19:31:32, LastAccessTime: 16.09.2013 14:19:36, LastWriteTime: 21.09.2013 16:42:20, ChangeTime: 21.09.2013 16:42:20, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:32,7596898","Explorer.EXE","2816","ReadFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","SUCCESS","Offset: 0, Length: 1.024"
"12:27:32,7642988","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","SUCCESS",""
"12:27:32,7646160","Explorer.EXE","2816","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","SUCCESS","CreationTime: 28.07.2013 13:13:02, LastAccessTime: 16.09.2013 14:19:36, LastWriteTime: 16.09.2013 14:19:36, ChangeTime: 16.09.2013 14:19:36, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:32,7651819","Explorer.EXE","2816","ReadFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","SUCCESS","Offset: 0, Length: 1.024, I/O Flags: Synchronous"
"12:27:32,7680327","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db","SUCCESS",""
"12:27:32,7682734","Explorer.EXE","2816","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db","SUCCESS","CreationTime: 28.07.2013 13:13:02, LastAccessTime: 16.09.2013 14:19:36, LastWriteTime: 16.09.2013 14:19:36, ChangeTime: 16.09.2013 14:19:36, AllocationSize: 01.01.1601 02:00:11, EndOfFile: 01.01.1601 02:00:11, FileAttributes: ANCI"
"12:27:32,7687944","Explorer.EXE","2816","ReadFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db","SUCCESS","Offset: 0, Length: 1.024, I/O Flags: Synchronous"
"12:27:32,7714829","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db","SUCCESS",""
"12:27:32,7718421","Explorer.EXE","2816","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db","SUCCESS","CreationTime: 28.07.2013 13:13:02, LastAccessTime: 16.09.2013 14:19:36, LastWriteTime: 16.09.2013 14:19:36, ChangeTime: 16.09.2013 14:19:36, AllocationSize: 01.01.1601 02:00:03, EndOfFile: 01.01.1601 02:00:03, FileAttributes: ANCI"
"12:27:32,7723245","Explorer.EXE","2816","ReadFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db","SUCCESS","Offset: 0, Length: 1.024, I/O Flags: Synchronous"
"12:27:32,7750931","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db","SUCCESS",""
"12:27:32,7753315","Explorer.EXE","2816","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db","SUCCESS","CreationTime: 28.07.2013 13:13:02, LastAccessTime: 16.09.2013 14:19:36, LastWriteTime: 16.09.2013 14:19:36, ChangeTime: 16.09.2013 14:19:36, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:32,7758148","Explorer.EXE","2816","ReadFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db","SUCCESS","Offset: 0, Length: 24, I/O Flags: Synchronous"
"12:27:32,7785065","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db","SUCCESS",""
"12:27:32,7787458","Explorer.EXE","2816","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db","SUCCESS","CreationTime: 28.07.2013 13:13:02, LastAccessTime: 16.09.2013 14:19:36, LastWriteTime: 16.09.2013 14:19:36, ChangeTime: 16.09.2013 14:19:36, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:32,7792249","Explorer.EXE","2816","ReadFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db","SUCCESS","Offset: 0, Length: 24, I/O Flags: Synchronous"
"12:27:33,0271025","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:33,0275391","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:33,0277822","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:33,0280257","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:33,0282221","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:33,0284194","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:33,0286214","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:33,0322349","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:33,0327131","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:33,0343962","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:33,0367525","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,0373547","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.021.470, Length: 16.200"
"12:27:33,0394391","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,0398832","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\DINPUT8.dll.mui","SUCCESS","Filter: DINPUT8.dll.mui, 1: dinput8.dll.mui"
"12:27:33,0403217","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:33,0438825","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,0446041","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:33,0448080","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:33,0455651","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,0459673","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:33,0463311","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:33,0491735","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,0494982","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:33,0496605","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:33,0502637","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,0506248","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:33,0509807","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:33,0529792","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,0535385","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:33,0539435","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:33,0630062","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 26.316, Length: 4.096"
"12:27:33,0633644","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 512, Length: 4.096"
"12:27:33,0641743","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 32, Length: 4.096"
"12:27:33,0645321","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 33.737, Length: 567"
"12:27:33,0648904","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:33,0652150","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,0654982","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 30.208, Length: 4.096"
"12:27:33,0657739","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 24.832, Length: 4.096"
"12:27:33,0660193","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 30.208, Length: 4.096"
"12:27:33,0662969","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 24.832, Length: 4.096"
"12:27:33,0665800","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:33,0676628","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,0714316","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 5.476, Length: 4.096"
"12:27:33,0724365","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,0730354","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 4.608, Length: 4.096"
"12:27:33,0733583","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 2.560, Length: 4.096"
"12:27:33,0744023","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 31.232, Length: 3.072"
"12:27:33,0754473","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,0887528","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:33,0893975","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:33,0899937","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:33,0905171","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:33,0910400","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:33,0915611","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:33,0925211","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:33,0930450","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 32.768, Length: 1.536"
"12:27:33,0948131","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,0962489","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:33,0967327","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:33,0971764","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:33,0976186","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:33,0980594","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:33,0985003","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:33,0989416","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:33,0993829","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 32.768, Length: 1.536"
"12:27:33,1044197","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 0, Length: 34.304"
"12:27:33,1135748","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,1175461","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,1180270","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\DINPUT8.dll.mui","SUCCESS","Filter: DINPUT8.dll.mui, 1: dinput8.dll.mui"
"12:27:33,1184702","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:33,1462391","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 4.096, Length: 30.208"
"12:27:33,1566318","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dinput8.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,1991262","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,1994093","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,1996113","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976430, endtime: 976430, seqnum: 0, connid: 0"
"12:27:33,2010561","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,2012189","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,2013355","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,2014512","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,2015758","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976430, endtime: 976430, seqnum: 0, connid: 0"
"12:27:33,2076753","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.326.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2080405","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.326.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2083158","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.326.819, Length: 2.920"
"12:27:33,2088812","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.329.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2125460","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.329.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2129057","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.329.739, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2131142","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.329.739, Length: 2.920"
"12:27:33,2134687","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.332.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2176560","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.332.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2179387","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.332.659, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2181375","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.332.659, Length: 2.920"
"12:27:33,2184211","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.335.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2315792","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,2318992","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,2321003","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976430, endtime: 976430, seqnum: 0, connid: 0"
"12:27:33,2337820","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,2339462","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,2340633","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,2341487","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,2343049","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976430, endtime: 976430, seqnum: 0, connid: 0"
"12:27:33,2377538","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.335.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2381139","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.337.856, EndOfFile: 409.335.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2385636","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.335.579, Length: 2.920, Priority: Normal"
"12:27:33,2406456","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.338.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2410920","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:33,2414914","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:33,2417769","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:33,2420983","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:33,2422102","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.338.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2422975","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:33,2424906","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.338.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2424981","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:33,2426912","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.338.499, Length: 5.840"
"12:27:33,2427337","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:33,2430490","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.344.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2463043","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:33,2467521","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:33,2485551","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:33,2510672","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,2517418","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 272.868, Length: 16.200"
"12:27:33,2538350","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,2543131","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\WINSPOOL.DRV.mui","SUCCESS","Filter: WINSPOOL.DRV.mui, 1: winspool.drv.mui"
"12:27:33,2547558","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:33,2574410","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,2579663","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:33,2581683","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:33,2588097","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,2592044","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:33,2595267","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:33,2622576","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,2625804","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:33,2627750","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:33,2633842","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,2637453","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:33,2641008","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:33,2643415","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,2646246","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,2648271","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976430, endtime: 976430, seqnum: 0, connid: 0"
"12:27:33,2654308","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,2658254","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:33,2660731","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,2661487","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:33,2662681","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,2663540","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,2665457","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976430, endtime: 976430, seqnum: 0, connid: 0"
"12:27:33,2717378","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.344.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2720984","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.344.339, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2723028","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.344.339, Length: 2.920"
"12:27:33,2726582","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.347.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2747696","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 67.276, Length: 4.096"
"12:27:33,2750920","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 512, Length: 4.096"
"12:27:33,2759410","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 32, Length: 4.096"
"12:27:33,2760544","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.347.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2763361","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 77.257, Length: 567"
"12:27:33,2764108","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.347.259, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2767005","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:33,2768455","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.347.259, Length: 4.380"
"12:27:33,2770592","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,2772444","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.351.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,2773447","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:33,2776199","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 68.352, Length: 4.096"
"12:27:33,2778667","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:33,2781452","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 68.352, Length: 4.096"
"12:27:33,2784284","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:33,2795125","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,2837390","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 5.476, Length: 4.096"
"12:27:33,2849463","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,2857487","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 76.288, Length: 1.536"
"12:27:33,2865879","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,2891975","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:33,2995286","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,3032247","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,3035517","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976431, endtime: 976431, seqnum: 0, connid: 0"
"12:27:33,3037906","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:33,3046373","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:33,3055232","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:33,3056804","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,3059234","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,3061179","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,3062770","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,3064366","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,3066367","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 7300, startime: 976431, endtime: 976431, seqnum: 0, connid: 0"
"12:27:33,3066819","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:33,3074867","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:33,3082097","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:33,3098061","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:33,3104485","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:33,3110069","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:33,3115289","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:33,3121353","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:33,3126583","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:33,3131789","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:33,3136990","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:33,3142196","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:33,3147393","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:33,3152590","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:33,3157474","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:33,3175131","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,3188375","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:33,3193143","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:33,3197575","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:33,3197841","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.351.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3201017","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.351.639, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3202771","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:33,3203000","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.351.639, Length: 1.460"
"12:27:33,3205818","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.353.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3207208","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:33,3211616","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:33,3216039","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:33,3220881","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:33,3225294","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 36.864, Length: 4.096"
"12:27:33,3230043","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 40.960, Length: 4.096"
"12:27:33,3231648","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.353.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3234484","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.353.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3234853","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 45.056, Length: 4.096"
"12:27:33,3236476","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.353.099, Length: 5.840"
"12:27:33,3239336","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 49.152, Length: 4.096"
"12:27:33,3240096","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.358.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3244089","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 53.248, Length: 4.096"
"12:27:33,3248488","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 57.344, Length: 4.096"
"12:27:33,3252570","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 61.440, Length: 4.096"
"12:27:33,3256969","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 65.536, Length: 4.096"
"12:27:33,3260058","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.358.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3261392","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 69.632, Length: 4.096"
"12:27:33,3262423","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.358.939, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3263696","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.358.939, Length: 1.460"
"12:27:33,3265814","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 73.728, Length: 4.096"
"12:27:33,3266575","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.360.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3311909","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 0, Length: 61.440"
"12:27:33,3315091","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 61.440, Length: 16.384"
"12:27:33,3358373","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,3361148","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,3363149","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976431, endtime: 976431, seqnum: 0, connid: 0"
"12:27:33,3380223","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,3382262","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,3383871","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,3386223","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976431, endtime: 976431, seqnum: 0, connid: 0"
"12:27:33,3400199","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,3419741","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.360.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3422568","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.360.399, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3424214","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.360.399, Length: 2.920"
"12:27:33,3427368","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.363.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3440295","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,3445086","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\WINSPOOL.DRV.mui","SUCCESS","Filter: WINSPOOL.DRV.mui, 1: winspool.drv.mui"
"12:27:33,3449494","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:33,3458885","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.363.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3459925","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 59.904, Length: 4.096"
"12:27:33,3461684","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.363.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3463638","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.363.319, Length: 4.380"
"12:27:33,3466834","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.367.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3606882","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 0, Length: 61.440"
"12:27:33,3610903","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 61.440, Length: 16.384"
"12:27:33,3678853","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,3681671","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,3683677","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976431, endtime: 976431, seqnum: 0, connid: 0"
"12:27:33,3694099","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,3695703","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,3696949","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976431, endtime: 976431, seqnum: 0, connid: 0"
"12:27:33,3698810","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,3750167","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.367.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3752990","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.367.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3754618","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.367.699, Length: 2.920"
"12:27:33,3757426","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.370.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3793402","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.370.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3796201","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.370.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3797843","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.370.619, Length: 2.920"
"12:27:33,3801016","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.373.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,3942948","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 37.376, Length: 4.096"
"12:27:33,4105855","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 544, Length: 4.096"
"12:27:33,4246243","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,4262645","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 4.608, Length: 4.096"
"12:27:33,4267124","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 8.704, Length: 4.096"
"12:27:33,4271873","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 12.800, Length: 4.096"
"12:27:33,4275941","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 16.896, Length: 4.096"
"12:27:33,4280302","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 20.992, Length: 4.096"
"12:27:33,4284347","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 25.088, Length: 4.096"
"12:27:33,4288732","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 29.184, Length: 4.096"
"12:27:33,4292777","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 33.280, Length: 4.096"
"12:27:33,4296816","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 39.424, Length: 4.096"
"12:27:33,4301211","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 43.520, Length: 4.096"
"12:27:33,4305246","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 47.616, Length: 4.096"
"12:27:33,4309627","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 51.712, Length: 4.096"
"12:27:33,4313666","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 55.808, Length: 4.096"
"12:27:33,4333106","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,4335923","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,4337472","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,4338349","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,4339515","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,4342328","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,4343494","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,4344731","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 10220, startime: 976432, endtime: 976432, seqnum: 0, connid: 0"
"12:27:33,4371475","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,4374283","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,4376691","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976432, endtime: 976432, seqnum: 0, connid: 0"
"12:27:33,4407256","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.373.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,4412891","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.373.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,4414547","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.373.539, Length: 5.840"
"12:27:33,4421750","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.379.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,4449329","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.379.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,4452133","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.379.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,4454088","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.379.379, Length: 4.380"
"12:27:33,4457311","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.383.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,4497430","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.383.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,4501064","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.383.759, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,4503056","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.383.759, Length: 2.920"
"12:27:33,4505836","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.386.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,4538351","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 64.000, Length: 4.096"
"12:27:33,4543114","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 68.096, Length: 4.096"
"12:27:33,4547159","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 72.192, Length: 4.096"
"12:27:33,4623595","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:33,4626408","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:33,4628769","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:33,4631987","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:33,4636461","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:33,4642152","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,4645712","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976432, endtime: 976432, seqnum: 0, connid: 0"
"12:27:33,4658601","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,4660579","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,4661764","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,4663019","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976432, endtime: 976432, seqnum: 0, connid: 0"
"12:27:33,4709580","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\winspool.drv.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,4912466","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.386.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,4915279","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.386.679, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,4918054","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.386.679, Length: 1.460"
"12:27:33,4926130","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.388.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,4986215","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,4989462","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976433, endtime: 976433, seqnum: 0, connid: 0"
"12:27:33,5002687","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,5004669","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,5005537","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,5007114","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976433, endtime: 976433, seqnum: 0, connid: 0"
"12:27:33,5142413","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.388.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,5145580","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.388.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,5147218","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.388.139, Length: 4.380"
"12:27:33,5150451","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.392.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,5180167","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.392.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,5182970","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.392.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,5184972","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.392.519, Length: 1.460"
"12:27:33,5187743","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.393.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,5214151","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.393.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,5217393","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.393.979, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,5219801","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.393.979, Length: 4.380"
"12:27:33,5223439","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.398.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,5311710","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:33,5314533","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976433, endtime: 976433, seqnum: 0, connid: 0"
"12:27:33,5375374","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.398.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,5378616","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.398.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,5380570","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.398.359, Length: 1.460"
"12:27:33,5383439","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.399.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:33,6410915","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:33,6415272","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:33,6418505","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:33,6420898","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:33,6422559","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:33,6424523","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:33,6426538","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:33,6462631","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:33,6467077","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:33,6484365","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:33,6507620","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,6513979","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.586.066, Length: 16.200"
"12:27:33,6536865","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,6541306","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Filter: uxtheme.dll.mui, 1: uxtheme.dll.mui"
"12:27:33,6545682","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:33,6572165","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,6577423","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:33,6579433","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:33,6585824","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,6589454","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:33,6592682","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:33,6619510","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,6622743","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:33,6624367","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:33,6630394","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,6634000","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:33,6637545","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:33,6650453","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,6654064","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:33,6657269","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:33,6748334","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 7.113, Length: 567"
"12:27:33,6752687","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:33,6755976","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,6759190","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 4.096, Length: 3.584"
"12:27:33,6761919","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 3.584, Length: 4.096"
"12:27:33,6764769","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:33,6775620","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,6813346","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 5.476, Length: 2.204"
"12:27:33,6829333","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,6836941","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 6.656, Length: 1.024"
"12:27:33,6844639","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,6870282","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 4.096, Length: 3.584"
"12:27:33,6881539","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 2.048, Length: 4.096"
"12:27:33,6997487","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,7013908","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 4.096, Length: 3.584"
"12:27:33,7032778","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,7042397","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 4.096, Length: 3.584"
"12:27:33,7087335","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 7.680"
"12:27:33,7170349","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,7206456","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,7210888","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Filter: uxtheme.dll.mui, 1: uxtheme.dll.mui"
"12:27:33,7214923","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:33,7366605","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 4.096, Length: 3.584"
"12:27:33,7389324","firefox.exe","6744","LockFile","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Exclusive: True, Offset: 124, Length: 1, Fail Immediately: True"
"12:27:33,7391768","firefox.exe","6744","UnlockFileSingle","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Offset: 124, Length: 1"
"12:27:33,7393728","firefox.exe","6744","LockFile","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Exclusive: False, Offset: 124, Length: 1, Fail Immediately: True"
"12:27:33,7400156","firefox.exe","6744","LockFile","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Exclusive: True, Offset: 120, Length: 1, Fail Immediately: True"
"12:27:33,7408170","firefox.exe","6744","WriteFile","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-wal","SUCCESS","Offset: 327.952, Length: 24"
"12:27:33,7410983","firefox.exe","6744","WriteFile","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-wal","SUCCESS","Offset: 327.976, Length: 32.768"
"12:27:33,7413806","firefox.exe","6744","UnlockFileSingle","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Offset: 120, Length: 1"
"12:27:33,7422688","firefox.exe","6744","UnlockFileSingle","C:\Users\wonderwall\AppData\Roaming\Mozilla\Firefox\Profiles\x3v0vzqh.default\cookies.sqlite-shm","SUCCESS","Offset: 124, Length: 1"
"12:27:33,7497034","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\uxtheme.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:33,8327213","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:33,8330450","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:33,8334056","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:33,8337648","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\RIconManState","NAME NOT FOUND","Length: 144"
"12:27:33,8340069","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:33,8342467","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:33,8344473","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:33,8346843","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:33,8348914","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\DisableReader","NAME NOT FOUND","Length: 144"
"12:27:33,8350925","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:33,8352903","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:33,8354881","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:33,8356905","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:33,8358939","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\EnableReader","NAME NOT FOUND","Length: 144"
"12:27:33,8360945","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:33,8362919","RIconMan.exe","2696","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:33,8364929","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","REPARSE","Desired Access: All Access"
"12:27:33,8366963","RIconMan.exe","2696","RegOpenKey","HKLM\System\CurrentControlSet\SERVICES\RSPCIESTOR\Parameters","SUCCESS","Desired Access: All Access"
"12:27:33,8368992","RIconMan.exe","2696","RegQueryValue","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters\ReloadDriver","NAME NOT FOUND","Length: 144"
"12:27:33,8370980","RIconMan.exe","2696","RegCloseKey","HKLM\System\CurrentControlSet\services\RSPCIESTOR\Parameters","SUCCESS",""
"12:27:33,8874175","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:33,8878200","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:33,8880631","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:33,8883001","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:33,8884965","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:33,8886593","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:33,8888603","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:33,8926749","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dsound.dll.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Synchronous"
"12:27:33,8931535","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dsound.dll.mui","SUCCESS","Offset: 0, Length: 2.560, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:33,8948101","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dsound.dll.mui","SUCCESS","Offset: 184, Length: 2.376"
"12:27:33,8966117","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\dsound.dll.mui","SUCCESS","Offset: 0, Length: 2.560"
"12:27:33,8971360","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.769.100, Length: 16.200"
"12:27:33,8991047","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,8995455","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\DSOUND.dll.mui","SUCCESS","Filter: DSOUND.dll.mui, 1: dsound.dll.mui"
"12:27:33,8999831","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:33,9026771","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,9032355","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:33,9034371","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:33,9040776","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,9044396","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:33,9047633","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:33,9074056","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,9077289","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:33,9078903","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:33,9084939","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,9088541","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:33,9091773","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:33,9105405","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,9109025","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:33,9112556","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:33,9125077","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","SUCCESS",""
"12:27:33,9128328","Explorer.EXE","2816","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","SUCCESS","CreationTime: 26.08.2013 19:31:32, LastAccessTime: 16.09.2013 14:19:36, LastWriteTime: 21.09.2013 16:42:20, ChangeTime: 21.09.2013 16:42:20, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:33,9131552","Explorer.EXE","2816","ReadFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db","SUCCESS","Offset: 0, Length: 1.024"
"12:27:33,9142365","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","SUCCESS",""
"12:27:33,9144735","Explorer.EXE","2816","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","SUCCESS","CreationTime: 28.07.2013 13:13:02, LastAccessTime: 16.09.2013 14:19:36, LastWriteTime: 16.09.2013 14:19:36, ChangeTime: 16.09.2013 14:19:36, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:33,9147156","Explorer.EXE","2816","ReadFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db","SUCCESS","Offset: 0, Length: 1.024"
"12:27:33,9154830","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db","SUCCESS",""
"12:27:33,9157181","Explorer.EXE","2816","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db","SUCCESS","CreationTime: 28.07.2013 13:13:02, LastAccessTime: 16.09.2013 14:19:36, LastWriteTime: 16.09.2013 14:19:36, ChangeTime: 16.09.2013 14:19:36, AllocationSize: 01.01.1601 02:00:11, EndOfFile: 01.01.1601 02:00:11, FileAttributes: ANCI"
"12:27:33,9159248","Explorer.EXE","2816","ReadFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db","SUCCESS","Offset: 0, Length: 1.024"
"12:27:33,9166446","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db","SUCCESS",""
"12:27:33,9168461","Explorer.EXE","2816","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db","SUCCESS","CreationTime: 28.07.2013 13:13:02, LastAccessTime: 16.09.2013 14:19:36, LastWriteTime: 16.09.2013 14:19:36, ChangeTime: 16.09.2013 14:19:36, AllocationSize: 01.01.1601 02:00:03, EndOfFile: 01.01.1601 02:00:03, FileAttributes: ANCI"
"12:27:33,9170850","Explorer.EXE","2816","ReadFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db","SUCCESS","Offset: 0, Length: 1.024"
"12:27:33,9178034","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db","SUCCESS",""
"12:27:33,9180059","Explorer.EXE","2816","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db","SUCCESS","CreationTime: 28.07.2013 13:13:02, LastAccessTime: 16.09.2013 14:19:36, LastWriteTime: 16.09.2013 14:19:36, ChangeTime: 16.09.2013 14:19:36, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:33,9182120","Explorer.EXE","2816","ReadFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db","SUCCESS","Offset: 0, Length: 24"
"12:27:33,9188101","Explorer.EXE","2816","CloseFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db","SUCCESS",""
"12:27:33,9190116","Explorer.EXE","2816","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db","SUCCESS","CreationTime: 28.07.2013 13:13:02, LastAccessTime: 16.09.2013 14:19:36, LastWriteTime: 16.09.2013 14:19:36, ChangeTime: 16.09.2013 14:19:36, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:33,9192486","Explorer.EXE","2816","ReadFile","C:\Users\wonderwall\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db","SUCCESS","Offset: 0, Length: 24"
"12:27:33,9603860","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:33,9609071","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\DSOUND.dll.mui","SUCCESS","Filter: DSOUND.dll.mui, 1: dsound.dll.mui"
"12:27:33,9614230","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:34,0706516","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:34,0710589","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:34,0713327","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:34,0715384","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:34,0718995","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:34,0720978","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:34,0723002","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:34,0757864","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:34,0762319","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:34,0781483","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:34,0805162","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,0810807","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.882.986, Length: 16.200"
"12:27:34,0814366","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.880.064, Length: 12.288, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:34,0843989","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:34,0848761","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\POWRPROF.dll.mui","SUCCESS","Filter: POWRPROF.dll.mui, 1: powrprof.dll.mui"
"12:27:34,0853156","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:34,0880078","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:34,0885335","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:34,0887350","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,0893737","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:34,0897361","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,0900590","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:34,0934588","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:34,0938959","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:34,0940956","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:34,0947795","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:34,0951466","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,0955441","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:34,0969510","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:34,0973518","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:34,0977077","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,1062922","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 30.412, Length: 4.096"
"12:27:34,1066155","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 512, Length: 4.096"
"12:27:34,1074230","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 32, Length: 4.096"
"12:27:34,1077813","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 38.857, Length: 567"
"12:27:34,1081382","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:34,1084633","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,1087465","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 35.328, Length: 4.096"
"12:27:34,1090231","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 29.952, Length: 4.096"
"12:27:34,1092680","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 35.328, Length: 4.096"
"12:27:34,1095456","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 29.952, Length: 4.096"
"12:27:34,1098283","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:34,1109078","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,1143617","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 5.476, Length: 4.096"
"12:27:34,1153652","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,1163276","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 37.376, Length: 2.048"
"12:27:34,1172512","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,1197783","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:34,1311287","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,1334589","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:34,1340205","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:34,1345812","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:34,1351047","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:34,1357004","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:34,1362266","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:34,1367500","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:34,1373075","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:34,1378309","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 36.864, Length: 2.560"
"12:27:34,1394790","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,1424026","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:34,1429624","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:34,1434424","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 12.288, Length: 4.096"
"12:27:34,1439607","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 16.384, Length: 4.096"
"12:27:34,1444048","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 20.480, Length: 4.096"
"12:27:34,1448816","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 24.576, Length: 4.096"
"12:27:34,1453247","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 28.672, Length: 4.096"
"12:27:34,1457670","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 32.768, Length: 4.096"
"12:27:34,1462120","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 36.864, Length: 2.560"
"12:27:34,1511019","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 0, Length: 39.424"
"12:27:34,1603353","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,1641093","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:34,1645497","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\POWRPROF.dll.mui","SUCCESS","Filter: POWRPROF.dll.mui, 1: powrprof.dll.mui"
"12:27:34,1649537","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:34,1808893","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 4.096, Length: 35.328"
"12:27:34,1900434","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\powrprof.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,1980355","Windows7FirewallService.exe","2128","CreateFile","C:\SystemRoot\System32\smss.exe","PATH NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:34,2014055","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\csrss.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2043631","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\csrss.exe","SUCCESS","CreationTime: 14.07.2009 01:19:49, LastAccessTime: 14.07.2009 01:19:49, LastWriteTime: 14.07.2009 03:39:02, ChangeTime: 11.05.2013 14:06:59, FileAttributes: A"
"12:27:34,2047200","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\csrss.exe","SUCCESS",""
"12:27:34,2055998","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2061689","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,2073856","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,2099504","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2107122","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,2113942","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,2141895","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2149928","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\csrss.exe","SUCCESS","Filter: csrss.exe, 1: csrss.exe"
"12:27:34,2156356","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,2192090","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wininit.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2206118","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wininit.exe","SUCCESS","CreationTime: 14.07.2009 01:52:37, LastAccessTime: 14.07.2009 01:52:37, LastWriteTime: 14.07.2009 03:39:52, ChangeTime: 06.09.2013 09:34:00, FileAttributes: A"
"12:27:34,2208893","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wininit.exe","SUCCESS",""
"12:27:34,2223308","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2232106","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,2237373","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,2255399","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2261034","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,2265424","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,2283921","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2291114","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wininit.exe","SUCCESS","Filter: wininit.exe, 1: wininit.exe"
"12:27:34,2296343","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,2332049","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\csrss.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2346147","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\csrss.exe","SUCCESS","CreationTime: 14.07.2009 01:19:49, LastAccessTime: 14.07.2009 01:19:49, LastWriteTime: 14.07.2009 03:39:02, ChangeTime: 11.05.2013 14:06:59, FileAttributes: A"
"12:27:34,2349744","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\csrss.exe","SUCCESS",""
"12:27:34,2357739","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2362988","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,2367354","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,2382599","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2387894","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,2392251","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,2407870","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2412749","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\csrss.exe","SUCCESS","Filter: csrss.exe, 1: csrss.exe"
"12:27:34,2417979","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,2447611","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\services.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2460873","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\services.exe","SUCCESS","CreationTime: 14.07.2009 01:19:46, LastAccessTime: 14.07.2009 01:19:46, LastWriteTime: 14.07.2009 03:39:37, ChangeTime: 11.05.2013 14:07:38, FileAttributes: A"
"12:27:34,2463308","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\services.exe","SUCCESS",""
"12:27:34,2468808","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2470870","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2475237","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:34,2476091","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,2478096","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:34,2480112","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,2495334","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2496551","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:34,2500549","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,2504202","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,2520688","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2530531","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\services.exe","SUCCESS","Filter: services.exe, 1: services.exe"
"12:27:34,2533442","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,2536283","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976440, endtime: 976440, seqnum: 0, connid: 0"
"12:27:34,2537501","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2538112","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,2552401","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: ANCI"
"12:27:34,2554766","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:34,2556333","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,2559109","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,2560718","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,2561637","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2561992","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,2564348","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976440, endtime: 976440, seqnum: 0, connid: 0"
"12:27:34,2566806","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:34,2570841","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,2585051","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\lsass.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2585238","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2589693","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:34,2593285","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,2604345","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\lsass.exe","SUCCESS","CreationTime: 11.05.2013 14:10:27, LastAccessTime: 11.05.2013 14:10:27, LastWriteTime: 17.11.2011 08:33:55, ChangeTime: 11.05.2013 14:55:06, FileAttributes: A"
"12:27:34,2607713","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2608721","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\lsass.exe","SUCCESS",""
"12:27:34,2612145","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:34,2617384","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,2621121","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2628720","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,2631827","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2634351","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,2638209","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:34,2643382","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,2657246","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2664799","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,2671349","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,2675141","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2681523","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: ANCI"
"12:27:34,2683576","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:34,2693004","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2700164","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\lsass.exe","SUCCESS","Filter: lsass.exe, 1: lsass.exe"
"12:27:34,2705828","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,2708403","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2713180","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:32, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: DNCI"
"12:27:34,2715200","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:34,2745312","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2750537","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\lsm.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2751335","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:34,2753756","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:34,2771240","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\lsm.exe","SUCCESS","CreationTime: 21.11.2010 05:23:53, LastAccessTime: 21.11.2010 05:23:53, LastWriteTime: 21.11.2010 05:23:53, ChangeTime: 11.05.2013 14:07:12, FileAttributes: A"
"12:27:34,2774427","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\lsm.exe","SUCCESS",""
"12:27:34,2777449","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2781825","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,2782903","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2783472","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,2788879","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,2793283","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,2809783","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2814797","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2816118","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,2820605","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,2821674","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,2824020","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:34,2837455","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2846384","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\lsm.exe","SUCCESS","Filter: lsm.exe, 1: lsm.exe"
"12:27:34,2849290","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2852850","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,2854151","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:34,2856157","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:34,2879832","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2884231","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:34,2886209","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:34,2887320","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2901361","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:34,2903829","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:34,2909091","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2911438","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2913131","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:34,2914764","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,2918197","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,2923431","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,2931460","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,2935052","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976441, endtime: 976441, seqnum: 0, connid: 0"
"12:27:34,2947965","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2952354","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2955139","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,2955527","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,2958312","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,2958400","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:34,2960322","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,2960863","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,2961120","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,2961988","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,2964362","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976441, endtime: 976441, seqnum: 0, connid: 0"
"12:27:34,2980811","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2986409","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:34,2988615","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,2990827","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,2993458","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:34,2995417","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:34,3001486","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3006282","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,3013876","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3021737","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3026439","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:34,3030045","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,3037822","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:34,3041792","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:34,3050543","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3052274","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3057709","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:34,3059439","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,3060172","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:34,3065028","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,3069656","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:34,3073654","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7a00000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:34,3076798","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:34,3087066","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3088498","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3094893","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:34,3095029","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,3097319","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:34,3103640","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,3114570","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:34,3130147","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3137811","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:34,3144226","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,3161463","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3168232","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: ANCI"
"12:27:34,3171502","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:34,3180678","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3181919","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\atiesrxx.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3186761","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:34,3188697","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\atiesrxx.exe","SUCCESS","CreationTime: 29.09.2011 11:50:12, LastAccessTime: 11.05.2013 13:23:48, LastWriteTime: 29.09.2011 11:50:12, ChangeTime: 22.09.2013 09:54:10, FileAttributes: A"
"12:27:34,3192373","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\atiesrxx.exe","SUCCESS",""
"12:27:34,3193003","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,3202394","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3208766","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,3212806","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,3214275","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3224874","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:34,3229623","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,3232021","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3238860","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,3244131","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,3248078","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3259740","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,3263356","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976441, endtime: 976441, seqnum: 0, connid: 0"
"12:27:34,3264984","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3272541","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\atiesrxx.exe","SUCCESS","Filter: atiesrxx.exe, 1: atiesrxx.exe"
"12:27:34,3276632","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:34,3277757","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,3278582","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,3280229","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,3282981","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976441, endtime: 976441, seqnum: 0, connid: 0"
"12:27:34,3285944","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,3296207","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,3299010","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,3301077","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976441, endtime: 976441, seqnum: 0, connid: 0"
"12:27:34,3311060","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3319527","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:34,3320754","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\winlogon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3326310","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,3337613","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\winlogon.exe","SUCCESS","CreationTime: 21.11.2010 05:24:29, LastAccessTime: 21.11.2010 05:24:29, LastWriteTime: 21.11.2010 05:24:29, ChangeTime: 11.05.2013 14:07:46, FileAttributes: A"
"12:27:34,3341994","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\winlogon.exe","SUCCESS",""
"12:27:34,3352411","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3358830","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3361801","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,3363653","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: ANCI"
"12:27:34,3365309","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:34,3367833","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,3389050","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3389325","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3393729","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:32, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: DNCI"
"12:27:34,3395366","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:34,3395492","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,3401113","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,3419857","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3422456","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3425884","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:34,3427853","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:34,3430489","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\winlogon.exe","SUCCESS","Filter: winlogon.exe, 1: winlogon.exe"
"12:27:34,3436105","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,3450754","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3455129","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,3456767","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,3469833","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3479989","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3484048","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,3486002","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:34,3487085","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:34,3491092","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:34,3501541","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3508707","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,3510909","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3513955","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,3515298","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:34,3520929","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:34,3535260","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3541614","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:34,3546017","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,3546218","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3551037","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:34,3553393","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:34,3566506","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3574203","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:34,3577100","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3580212","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,3580692","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,3582694","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:34,3583921","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976441, endtime: 976441, seqnum: 0, connid: 0"
"12:27:34,3585166","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,3597519","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,3599982","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,3602371","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976441, endtime: 976441, seqnum: 0, connid: 0"
"12:27:34,3615237","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,3617989","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,3620023","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976441, endtime: 976441, seqnum: 0, connid: 0"
"12:27:34,3624707","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3626321","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3631984","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:34,3634797","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,3642018","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:34,3645984","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:34,3656811","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3657665","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3662442","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:34,3663673","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,3664075","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:34,3669253","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,3670055","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3674534","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,3681685","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3687330","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:34,3689340","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,3694057","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3700807","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:34,3703806","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3705635","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,3709838","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:34,3712614","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:34,3721081","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryInformationVolume","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","VolumeCreationTime: 11.05.2013 13:22:49, VolumeSerialNumber: 30DF-77A8, SupportsObjects: True, VolumeLabel: Win"
"12:27:34,3723469","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAllInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: ANCI, AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x7a00000005af56, EaSize: 0, Access: Read Attributes, Synchronize, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"12:27:34,3725877","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:34,3728508","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3736144","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:34,3741383","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,3741472","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a"
"12:27:34,3773413","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3781376","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3787133","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:34,3787762","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: ANCI"
"12:27:34,3789792","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:34,3789922","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:34,3796579","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3798762","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3801403","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:34,3804738","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,3805396","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,3809147","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,3819895","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3827219","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3827476","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:34,3831110","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,3833255","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,3837627","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,3845515","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3849947","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:34,3853156","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,3853306","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3858526","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:34,3862547","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,3867207","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3871620","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:34,3875222","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,3897847","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3898901","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3903688","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: ANCI"
"12:27:34,3905330","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:34,3915877","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:34,3919903","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:34,3928165","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3930320","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3930343","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,3933889","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976442, endtime: 976442, seqnum: 0, connid: 0"
"12:27:34,3934173","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:32, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: DNCI"
"12:27:34,3937028","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:34,3941134","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,3951168","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,3953556","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,3956374","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,3958380","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,3958716","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3960018","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,3962397","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976442, endtime: 976442, seqnum: 0, connid: 0"
"12:27:34,3967281","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:34,3969711","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:34,3971200","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,3978094","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,3983706","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,4004144","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4005492","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4010549","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:34,4013572","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,4014967","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,4016800","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,4035922","WLANExt.exe","1988","Thread Exit","","SUCCESS","Thread ID: 9688, User Time: 0.0000000, Kernel Time: 0.0000000"
"12:27:34,4047678","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4051853","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM\stacsv64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4052482","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,4054125","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:34,4057525","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\IDT\WDM\stacsv64.exe","SUCCESS","CreationTime: 22.07.2013 21:33:32, LastAccessTime: 22.07.2013 21:33:32, LastWriteTime: 16.05.2013 03:14:56, ChangeTime: 22.07.2013 21:33:32, FileAttributes: N"
"12:27:34,4060273","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM\stacsv64.exe","SUCCESS",""
"12:27:34,4075943","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4078583","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4081578","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT","SUCCESS","Filter: IDT, 1: IDT"
"12:27:34,4085273","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:34,4090390","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:34,4090810","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:34,4119318","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4124487","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4125298","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:34,4128069","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:34,4132487","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM","SUCCESS","Filter: WDM, 1: WDM"
"12:27:34,4139256","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT","SUCCESS",""
"12:27:34,4156176","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4157795","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4161769","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM\STacSV64.exe","SUCCESS","Filter: STacSV64.exe, 1: stacsv64.exe"
"12:27:34,4162614","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:34,4164265","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,4166169","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM","SUCCESS",""
"12:27:34,4192740","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4197503","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:34,4198236","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4199136","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,4211913","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:34,4214703","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:34,4222718","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4224024","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4227966","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,4228451","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:34,4230401","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:34,4231992","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,4238033","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4243295","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,4247582","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4250516","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4252821","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,4256502","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:34,4256837","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,4258521","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,4272461","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4274168","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4277657","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:34,4279747","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:34,4281697","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,4283391","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:34,4285830","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:34,4294227","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","AllocationSize: 56, EndOfFile: 54, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,4297050","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:34,4300651","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,4302191","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:34,4304252","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976442, endtime: 976442, seqnum: 0, connid: 0"
"12:27:34,4310606","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\hpservice.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4316218","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\hpservice.exe","SUCCESS","CreationTime: 25.04.2012 14:02:52, LastAccessTime: 11.05.2013 13:48:04, LastWriteTime: 25.04.2012 14:02:52, ChangeTime: 11.05.2013 13:48:05, FileAttributes: A"
"12:27:34,4319050","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\hpservice.exe","SUCCESS",""
"12:27:34,4324681","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,4326644","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4327848","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,4329513","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,4331468","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,4333469","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,4333553","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976442, endtime: 976442, seqnum: 0, connid: 0"
"12:27:34,4337491","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,4352335","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4357517","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,4361179","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,4388442","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4393671","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS","CreationTime: 16.12.2012 13:25:38, LastAccessTime: 13.05.2013 10:47:49, LastWriteTime: 16.12.2012 13:25:38, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:34,4396083","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS",""
"12:27:34,4411272","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4416497","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Sandboxie\SbieSvc.exe","SUCCESS","Filter: SbieSvc.exe, 1: SbieSvc.exe"
"12:27:34,4420546","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie","SUCCESS",""
"12:27:34,4467094","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4472323","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe","SUCCESS","CreationTime: 03.08.2013 09:34:58, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 03.08.2013 09:34:58, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:34,4475047","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe","SUCCESS",""
"12:27:34,4489915","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4494752","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:34,4498746","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:34,4510861","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:34,4530883","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\atieclxx.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4536476","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\atieclxx.exe","SUCCESS","CreationTime: 29.09.2011 11:50:36, LastAccessTime: 11.05.2013 13:23:48, LastWriteTime: 29.09.2011 11:50:36, ChangeTime: 22.09.2013 09:54:10, FileAttributes: A"
"12:27:34,4538902","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\atieclxx.exe","SUCCESS",""
"12:27:34,4546114","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4550728","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4551288","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,4554968","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,4555897","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:32, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: DNCI"
"12:27:34,4558696","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:34,4567121","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4569752","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4572765","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:34,4574627","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,4577220","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,4578638","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,4594024","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4594644","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4599855","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\atieclxx.exe","SUCCESS","Filter: atieclxx.exe, 1: atieclxx.exe"
"12:27:34,4600904","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:34,4604263","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,4608126","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,4625186","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"12:27:34,4628750","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:34,4629436","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4630476","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,4632403","ALMon.exe","1560","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: HandleTags, HandleTags: 0x1"
"12:27:34,4633629","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,4635034","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:34,4635561","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4636055","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976442, endtime: 976442, seqnum: 0, connid: 0"
"12:27:34,4636405","ALMon.exe","1560","RegOpenKey","HKCU\Software\Classes\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:34,4641243","ALMon.exe","1560","RegOpenKey","HKCR\Wow6432Node\CLSID\{72C5961A-7923-4109-BF4B-CBA5CE20BC53}","NAME NOT FOUND","Desired Access: Read"
"12:27:34,4642092","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,4646482","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,4648427","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:34,4649281","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976442, endtime: 976442, seqnum: 0, connid: 0"
"12:27:34,4650857","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:34,4658041","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4662898","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,4663775","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4666886","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,4669377","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:34,4672979","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,4681315","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4686507","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,4690547","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,4701449","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4702611","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,4705041","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,4705386","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4707103","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976442, endtime: 976442, seqnum: 0, connid: 0"
"12:27:34,4707126","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:32, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: DNCI"
"12:27:34,4710252","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:34,4710625","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:34,4714642","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,4737192","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4741988","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:32, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: DNCI"
"12:27:34,4743509","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wlanext.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4743947","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:34,4757560","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wlanext.exe","SUCCESS","CreationTime: 14.07.2009 02:07:15, LastAccessTime: 14.07.2009 02:07:15, LastWriteTime: 14.07.2009 03:39:54, ChangeTime: 11.05.2013 14:07:46, FileAttributes: A"
"12:27:34,4760321","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wlanext.exe","SUCCESS",""
"12:27:34,4767566","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4768457","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4772413","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,4772894","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:34,4774867","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:34,4776388","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,4791647","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4796494","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,4798574","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4800478","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,4804135","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,4806547","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,4816096","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4821330","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\WLANExt.exe","SUCCESS","Filter: WLANExt.exe, 1: wlanext.exe"
"12:27:34,4825361","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,4833053","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4837485","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,4839113","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:34,4853827","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\conhost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4862746","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4867421","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\conhost.exe","SUCCESS","CreationTime: 12.09.2013 20:28:20, LastAccessTime: 12.09.2013 20:28:20, LastWriteTime: 02.08.2013 03:09:17, ChangeTime: 12.09.2013 21:03:53, FileAttributes: A"
"12:27:34,4867574","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:34,4869562","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:34,4869888","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\conhost.exe","SUCCESS",""
"12:27:34,4877091","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4882288","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,4885945","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,4891609","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4895648","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:34,4897281","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:34,4900747","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4905608","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,4909573","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,4921712","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4926951","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:34,4929390","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4934055","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,4936528","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\conhost.exe","SUCCESS","Filter: conhost.exe, 1: conhost.exe"
"12:27:34,4941389","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,4969761","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4971114","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\spoolsv.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,4975788","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:34,4978573","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,4984750","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\spoolsv.exe","SUCCESS","CreationTime: 11.05.2013 14:07:36, LastAccessTime: 11.05.2013 14:07:36, LastWriteTime: 11.02.2012 08:36:02, ChangeTime: 11.05.2013 14:55:02, FileAttributes: A"
"12:27:34,4987502","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\spoolsv.exe","SUCCESS",""
"12:27:34,4994784","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5000364","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,5005206","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,5010655","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5024827","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5031274","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,5032076","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:34,5034819","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 1460, startime: 976443, endtime: 976443, seqnum: 0, connid: 0"
"12:27:34,5038048","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,5039998","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:34,5042475","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:34,5054515","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5054524","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,5057309","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,5058149","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5059287","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,5060906","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,5060934","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,5063327","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 5840, startime: 976443, endtime: 976443, seqnum: 0, connid: 0"
"12:27:34,5065380","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\spoolsv.exe","SUCCESS","Filter: spoolsv.exe, 1: spoolsv.exe"
"12:27:34,5071384","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,5073357","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5080924","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:34,5083405","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,5101011","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5101445","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5108634","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","BUFFER OVERFLOW","Name: \Users"
"12:27:34,5112627","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu"
"12:27:34,5113928","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:34,5117511","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:34,5124966","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\*","SUCCESS","Filter: *, 1: ."
"12:27:34,5125964","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5131040","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","0: .., 1: com.jeroenwijering.sol"
"12:27:34,5131515","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,5135052","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","NO MORE FILES",""
"12:27:34,5135532","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,5138578","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:34,5147451","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5150810","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5153847","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNameInformationFile","C:\","SUCCESS","Name: \"
"12:27:34,5156030","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,5156688","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\","SUCCESS",""
"12:27:34,5160009","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,5173141","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","IS DIRECTORY","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:34,5175245","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5180120","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:34,5184132","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,5187169","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","ACCESS DENIED","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:34,5217804","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5224648","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:46:52, ChangeTime: 05.08.2013 09:19:04, FileAttributes: ANCI"
"12:27:34,5227470","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe","SUCCESS",""
"12:27:34,5234715","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5241171","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:34,5243975","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:34,5252810","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5255502","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5258445","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:34,5260745","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS","CreationTime: 10.05.2013 00:57:24, LastAccessTime: 30.06.2013 18:43:15, LastWriteTime: 10.05.2013 00:57:24, ChangeTime: 30.06.2013 18:43:15, FileAttributes: A"
"12:27:34,5263166","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS",""
"12:27:34,5263670","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,5279214","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5281686","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5284406","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe","SUCCESS","Filter: Adobe, 1: Adobe"
"12:27:34,5287312","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:34,5288413","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files","SUCCESS",""
"12:27:34,5292523","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,5302861","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5308104","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe\ARM","SUCCESS","Filter: ARM, 1: ARM"
"12:27:34,5312093","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe","SUCCESS",""
"12:27:34,5313394","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5324889","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:34,5329311","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,5330119","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe\ARM","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5336566","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0","SUCCESS","Filter: 1.0, 1: 1.0"
"12:27:34,5341772","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe\ARM","SUCCESS",""
"12:27:34,5346633","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5352580","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:34,5356611","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,5359116","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,5359877","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5361934","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,5363954","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976443, endtime: 976443, seqnum: 0, connid: 0"
"12:27:34,5366650","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe","SUCCESS","Filter: armsvc.exe, 1: armsvc.exe"
"12:27:34,5371838","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0","SUCCESS",""
"12:27:34,5376736","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,5378359","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,5379218","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,5380776","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 4380, startime: 976443, endtime: 976443, seqnum: 0, connid: 0"
"12:27:34,5389569","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5395568","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:34,5397593","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:34,5423321","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5425602","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Intel\iCLS Client\HeciServer.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5427724","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:34,5429670","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:34,5432427","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Intel\iCLS Client\HeciServer.exe","SUCCESS","CreationTime: 13.02.2013 12:46:48, LastAccessTime: 11.05.2013 13:22:57, LastWriteTime: 13.02.2013 12:46:48, ChangeTime: 15.05.2013 16:19:51, FileAttributes: ANCI"
"12:27:34,5436047","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Intel\iCLS Client\HeciServer.exe","SUCCESS",""
"12:27:34,5456503","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5458098","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5463342","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:34,5463705","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,5466173","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,5468599","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:34,5496267","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5501865","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,5504627","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:34,5527168","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5534329","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe","SUCCESS","CreationTime: 03.08.2013 09:35:05, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 03.08.2013 09:35:05, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:34,5536004","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5537949","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe","SUCCESS",""
"12:27:34,5541611","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:34,5544359","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:34,5558050","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5564819","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:34,5570422","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:34,5572894","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5578464","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:34,5581249","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:34,5604551","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5611763","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS","CreationTime: 25.07.2012 10:46:42, LastAccessTime: 15.06.2013 07:13:50, LastWriteTime: 25.07.2012 10:46:42, ChangeTime: 15.06.2013 07:13:50, FileAttributes: ANCI"
"12:27:34,5615169","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5615402","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS",""
"12:27:34,5621966","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:34,5624727","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,5634258","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5639473","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Secunia","SUCCESS","Filter: Secunia, 1: Secunia"
"12:27:34,5643835","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:34,5650030","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5654457","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:34,5656435","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,5659127","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Secunia","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5664356","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Secunia\PSI","SUCCESS","Filter: PSI, 1: PSI"
"12:27:34,5667986","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Secunia","SUCCESS",""
"12:27:34,5680068","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5684136","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:34,5684411","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Secunia\PSI","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5686109","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:34,5690392","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Secunia\PSI\sua.exe","SUCCESS","Filter: sua.exe, 1: sua.exe"
"12:27:34,5692136","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5694399","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Secunia\PSI","SUCCESS",""
"12:27:34,5696918","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,5703780","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5709420","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:34,5712210","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,5724512","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\taskhost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5728094","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5734299","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,5735731","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","BUFFER OVERFLOW","Name: \Users"
"12:27:34,5737420","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,5739402","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H"
"12:27:34,5739444","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976443, endtime: 976443, seqnum: 0, connid: 0"
"12:27:34,5740582","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\taskhost.exe","SUCCESS","CreationTime: 11.05.2013 14:09:45, LastAccessTime: 11.05.2013 14:09:45, LastWriteTime: 23.11.2012 05:13:57, ChangeTime: 11.05.2013 14:55:03, FileAttributes: A"
"12:27:34,5744179","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\taskhost.exe","SUCCESS",""
"12:27:34,5748228","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Filter: streamcloud.eu, 1: streamcloud.eu"
"12:27:34,5749525","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,5751093","firefox.exe","5220","TCP Receive","lmlicenses.wip4.adobe.com:64550 -> lmlicenses.wip4.adobe.com:64549","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"12:27:34,5752334","firefox.exe","5220","TCP Send","lmlicenses.wip4.adobe.com:64549 -> lmlicenses.wip4.adobe.com:64550","SUCCESS","Length: 2920, startime: 976443, endtime: 976443, seqnum: 0, connid: 0"
"12:27:34,5753388","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:34,5754983","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5763240","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,5769739","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,5774310","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0"
"12:27:34,5795009","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5801811","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,5806998","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,5824655","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5830272","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\taskhost.exe","SUCCESS","Filter: taskhost.exe, 1: taskhost.exe"
"12:27:34,5834699","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,5865157","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5867326","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:34,5870797","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS","CreationTime: 03.08.2013 09:35:27, LastAccessTime: 03.08.2013 09:36:29, LastWriteTime: 03.08.2013 09:35:27, ChangeTime: 03.08.2013 09:36:29, FileAttributes: A"
"12:27:34,5873250","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS",""
"12:27:34,5889256","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5891822","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5895279","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:34,5896977","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:32, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: DNCI"
"12:27:34,5898647","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:34,5899668","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:34,5905005","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5909483","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:34,5913481","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,5932706","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5933480","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5940692","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:34,5943146","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe","SUCCESS","Filter: ALsvc.exe, 1: ALsvc.exe"
"12:27:34,5945558","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,5949192","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS",""
"12:27:34,5963985","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5969606","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:34,5973665","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,5986461","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\dwm.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,5997013","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6000526","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\dwm.exe","SUCCESS","CreationTime: 14.07.2009 01:37:38, LastAccessTime: 14.07.2009 01:37:38, LastWriteTime: 14.07.2009 03:39:08, ChangeTime: 11.05.2013 14:07:03, FileAttributes: A"
"12:27:34,6002657","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:34,6003315","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\dwm.exe","SUCCESS",""
"12:27:34,6006632","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,6010952","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6017324","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,6021784","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,6033120","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:34,6037458","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6043014","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,6047036","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,6057205","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6061609","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:32, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: DNCI"
"12:27:34,6063895","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6064035","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:34,6069124","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\Dwm.exe","SUCCESS","Filter: Dwm.exe, 1: dwm.exe"
"12:27:34,6073178","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,6087710","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6092114","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:34,6094077","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:34,6101630","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\explorer.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6107657","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\explorer.exe","SUCCESS","CreationTime: 11.05.2013 14:10:50, LastAccessTime: 11.05.2013 17:21:33, LastWriteTime: 25.02.2011 08:19:30, ChangeTime: 12.05.2013 08:15:45, FileAttributes: A"
"12:27:34,6110433","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\explorer.exe","SUCCESS",""
"12:27:34,6119348","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6120911","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6123416","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,6125370","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,6126849","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,6130889","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,6146559","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6147445","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6151784","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\Explorer.EXE","SUCCESS","Filter: Explorer.EXE, 1: explorer.exe"
"12:27:34,6151844","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,6153510","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:34,6155772","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,6177576","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6181929","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:34,6183552","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:34,6206042","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6209158","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6210068","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:34,6212051","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:34,6214742","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe","SUCCESS","CreationTime: 12.11.2012 18:00:09, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 12.11.2012 18:00:09, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:34,6218395","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe","SUCCESS",""
"12:27:34,6238455","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6240815","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6245615","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:34,6246054","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:34,6248820","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,6250901","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:34,6276577","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6282124","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:34,6284531","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,6302664","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6309838","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe","SUCCESS","CreationTime: 11.02.2012 08:55:04, LastAccessTime: 10.08.2013 18:00:11, LastWriteTime: 11.02.2012 08:55:04, ChangeTime: 10.08.2013 18:00:11, FileAttributes: ANCI"
"12:27:34,6312292","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6313496","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe","SUCCESS",""
"12:27:34,6317871","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:34,6320316","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:34,6331428","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6333121","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft SQL Server","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6337838","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,6338346","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Microsoft SQL Server\90","SUCCESS","Filter: 90, 1: 90"
"12:27:34,6342325","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft SQL Server","SUCCESS",""
"12:27:34,6346641","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6353078","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:34,6355462","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,6356815","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft SQL Server\90","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6361643","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Microsoft SQL Server\90\Shared","SUCCESS","Filter: Shared, 1: Shared"
"12:27:34,6366383","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft SQL Server\90","SUCCESS",""
"12:27:34,6372349","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Random Access, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Created"
"12:27:34,6394112","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6406950","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:34,6409375","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:34,6419666","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6428819","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,6434091","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,6452919","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6457957","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:34,6458540","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,6461497","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:34,6462673","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:34,6462962","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,6466344","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:34,6469087","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:34,6471149","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:34,6471397","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,6473561","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:34,6474200","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,6475548","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:34,6476598","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54, Priority: Normal"
"12:27:34,6477578","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:34,6479420","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6484655","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:34,6486217","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:34,6489054","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:34, LastWriteTime: 06.10.2013 12:27:34, ChangeTime: 06.10.2013 12:27:34, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:34,6489072","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,6491857","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Offset: 0, Length: 54"
"12:27:34,6511222","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:34,6515280","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:34,6517879","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","ACCESS DENIED","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:34,6532601","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:34,6549339","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6551215","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6551490","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,6555796","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe","SUCCESS","CreationTime: 03.08.2013 09:35:07, LastAccessTime: 03.08.2013 09:36:06, LastWriteTime: 03.08.2013 09:35:07, ChangeTime: 03.08.2013 09:36:06, FileAttributes: A"
"12:27:34,6556412","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: ANCI"
"12:27:34,6557466","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 1.834.548, Length: 16.200"
"12:27:34,6558072","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:34,6558618","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe","SUCCESS",""
"12:27:34,6572585","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6578388","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:34,6579783","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:34,6582078","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6583142","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Filter: mswsock.dll.mui, 1: mswsock.dll.mui"
"12:27:34,6584220","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,6587989","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:34,6590452","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:34,6595714","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:34,6600603","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6605072","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:34,6608660","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,6616847","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:34,6622510","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:34,6624847","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,6631345","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:34,6634154","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6635329","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,6636090","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6638898","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:34,6640134","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:34,6643787","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,6644930","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS","CreationTime: 14.09.2012 15:09:22, LastAccessTime: 18.11.2012 10:45:57, LastWriteTime: 14.09.2012 15:09:22, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:34,6648461","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS",""
"12:27:34,6659443","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6664290","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:34,6667854","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,6668208","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:34,6668931","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6671810","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:34,6673447","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:34,6675784","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Synaptics\SynTP","SUCCESS","Filter: SynTP, 1: SynTP"
"12:27:34,6680211","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:34,6680599","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics","SUCCESS",""
"12:27:34,6683878","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,6687461","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:34,6696702","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6697407","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics\SynTP","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6701582","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, FileAttributes: ANCI"
"12:27:34,6702683","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:34,6703056","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Synaptics\SynTP\SynTPEnh.exe","SUCCESS","Filter: SynTPEnh.exe, 1: SynTPEnh.exe"
"12:27:34,6703611","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:34,6706713","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:34,6707478","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics\SynTP","SUCCESS",""
"12:27:34,6709979","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,6728877","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6733654","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:34, LastWriteTime: 06.10.2013 12:27:34, ChangeTime: 06.10.2013 12:27:34, FileAttributes: DNCI"
"12:27:34,6736439","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:34,6750788","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6756428","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe","SUCCESS","CreationTime: 19.08.2009 16:31:40, LastAccessTime: 11.05.2013 13:45:36, LastWriteTime: 19.08.2009 16:31:40, ChangeTime: 15.05.2013 16:19:50, FileAttributes: ANCI"
"12:27:34,6758863","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe","SUCCESS",""
"12:27:34,6758943","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6763346","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:34,6764984","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:34,6787791","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6788150","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6791873","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,6793729","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS","CreationTime: 22.07.2013 21:33:32, LastAccessTime: 22.07.2013 21:33:32, LastWriteTime: 16.05.2013 03:14:56, ChangeTime: 22.07.2013 21:33:32, FileAttributes: N"
"12:27:34,6793832","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,6796146","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS",""
"12:27:34,6802248","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 12.233, Length: 567"
"12:27:34,6806633","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:34,6810635","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,6811764","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6813822","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 8.704, Length: 4.096"
"12:27:34,6816691","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 3.328, Length: 4.096"
"12:27:34,6817917","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6818995","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT","SUCCESS","Filter: IDT, 1: IDT"
"12:27:34,6819872","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 8.704, Length: 4.096"
"12:27:34,6823539","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,6824728","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 3.328, Length: 4.096"
"12:27:34,6825391","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:34,6825955","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:34,6830354","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 1.024, Length: 4.096"
"12:27:34,6846369","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,6852574","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6855205","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6858997","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM","SUCCESS","Filter: WDM, 1: WDM"
"12:27:34,6860807","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:34,6863229","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:34,6863471","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT","SUCCESS",""
"12:27:34,6881054","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\IDT\WDM","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6886320","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\IDT\WDM\sttray64.exe","SUCCESS","Filter: sttray64.exe, 1: sttray64.exe"
"12:27:34,6890500","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 5.476, Length: 4.096"
"12:27:34,6890719","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\IDT\WDM","SUCCESS",""
"12:27:34,6896565","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6900964","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,6902228","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:34,6904225","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:34,6908185","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 10.752, Length: 2.048"
"12:27:34,6917851","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,6926463","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6931524","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6932070","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS","CreationTime: 05.08.2013 09:19:04, LastAccessTime: 05.08.2013 09:19:04, LastWriteTime: 16.04.2013 16:49:08, ChangeTime: 05.08.2013 09:19:04, FileAttributes: ANCI"
"12:27:34,6934813","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe","SUCCESS",""
"12:27:34,6937495","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:34,6942347","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,6946261","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:34,6957965","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 2.048, Length: 4.096"
"12:27:34,6964142","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\igfxpers.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6969721","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\igfxpers.exe","SUCCESS","CreationTime: 09.08.2011 09:03:00, LastAccessTime: 11.05.2013 13:23:49, LastWriteTime: 09.08.2011 09:03:00, ChangeTime: 22.09.2013 09:54:27, FileAttributes: A"
"12:27:34,6971648","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6972147","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\igfxpers.exe","SUCCESS",""
"12:27:34,6976840","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:34,6978813","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,6984253","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,6991931","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,6997529","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,7013861","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7018494","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7021484","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:34,7024689","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:34,7027320","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32","SUCCESS","Filter: System32, 1: System32"
"12:27:34,7033105","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7033375","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,7039146","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,7046726","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7052721","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:34,7054759","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,7055441","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7063017","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\igfxpers.exe","SUCCESS","Filter: igfxpers.exe, 1: igfxpers.exe"
"12:27:34,7069048","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,7071614","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7079288","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:34,7083244","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","BUFFER OVERFLOW","Name: \Users"
"12:27:34,7085684","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:34,7089556","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,7094319","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:34,7097887","FlashPlayerPlugin_11_8_800_168.exe","8216","SetDispositionInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Delete: True"
"12:27:34,7101535","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:34,7103966","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:31, LastWriteTime: 06.10.2013 12:27:32, ChangeTime: 06.10.2013 12:27:32, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:34,7106014","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7115960","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:34,7123601","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","CreationTime: 21.11.2010 05:24:15, LastAccessTime: 21.11.2010 05:24:15, LastWriteTime: 21.11.2010 05:24:15, ChangeTime: 11.05.2013 14:09:02, FileAttributes: A"
"12:27:34,7125639","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:34,7127244","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS",""
"12:27:34,7133290","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 12.288, Length: 512"
"12:27:34,7137656","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7144066","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,7147122","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","ACCESS DENIED","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:34,7149338","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,7150495","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,7166188","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 4.096, Length: 4.096"
"12:27:34,7168161","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7172196","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 8.192, Length: 4.096"
"12:27:34,7174967","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,7179987","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 12.288, Length: 512"
"12:27:34,7180229","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,7187586","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7192857","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:34, LastWriteTime: 06.10.2013 12:27:34, ChangeTime: 06.10.2013 12:27:34, FileAttributes: ANCI"
"12:27:34,7194863","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:34,7197830","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7202029","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7203895","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem","SUCCESS","Filter: wbem, 1: wbem"
"12:27:34,7206848","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:34,7208667","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,7210864","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,7225755","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7226343","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7230541","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:34,7231955","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem\wmiprvse.exe","SUCCESS","Filter: wmiprvse.exe, 1: WmiPrvSE.exe"
"12:27:34,7234129","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,7235995","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem","SUCCESS",""
"12:27:34,7239381","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 0, Length: 12.800"
"12:27:34,7247783","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7252178","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:34,7255378","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,7266406","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7269028","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7273445","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:34,7276627","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,7279323","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:34,7282071","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:34,7289306","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7294540","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,7299336","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,7299966","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7304757","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:34, LastWriteTime: 06.10.2013 12:27:34, ChangeTime: 06.10.2013 12:27:34, FileAttributes: ANCI"
"12:27:34,7307150","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS",""
"12:27:34,7325068","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7331497","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,7338270","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,7343486","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7349126","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:34, LastWriteTime: 06.10.2013 12:27:34, ChangeTime: 06.10.2013 12:27:34, FileAttributes: DNCI"
"12:27:34,7351132","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:34,7354374","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7354845","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,7359972","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:34,7364371","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,7375194","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7379607","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:34,7381277","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:34,7394441","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7400105","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS","CreationTime: 16.09.2011 14:39:24, LastAccessTime: 11.05.2013 13:36:02, LastWriteTime: 16.09.2011 14:39:24, ChangeTime: 11.05.2013 13:36:02, FileAttributes: A"
"12:27:34,7402857","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS",""
"12:27:34,7404625","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:34,7406099","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7410279","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Filter: mswsock.dll.mui, 1: mswsock.dll.mui"
"12:27:34,7410545","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,7412514","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,7417869","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:34,7424596","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7433007","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe","SUCCESS","Filter: nusb3mon.exe, 1: nusb3mon.exe"
"12:27:34,7438185","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application","SUCCESS",""
"12:27:34,7440168","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7444245","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,7446204","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:34,7468731","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7469459","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7473536","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:34,7475477","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS","CreationTime: 03.08.2013 09:35:27, LastAccessTime: 03.08.2013 09:36:30, LastWriteTime: 03.08.2013 09:35:27, ChangeTime: 03.08.2013 09:36:30, FileAttributes: A"
"12:27:34,7475505","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:34,7477940","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS",""
"12:27:34,7494366","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7497202","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7499604","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos","SUCCESS","Filter: Sophos, 1: Sophos"
"12:27:34,7501554","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:34,7503570","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:34,7504036","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:34,7529647","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7533715","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:34,7535651","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,7536099","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7543343","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe","SUCCESS","Filter: ALMon.exe, 1: ALMon.exe"
"12:27:34,7549753","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Sophos\AutoUpdate","SUCCESS",""
"12:27:34,7558523","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7562209","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:34,7564154","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,7585846","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7588645","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7591444","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:34,7594635","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:34,7596240","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS","CreationTime: 05.11.2012 16:14:34, LastAccessTime: 11.05.2013 13:47:14, LastWriteTime: 05.11.2012 16:14:34, ChangeTime: 11.05.2013 13:47:14, FileAttributes: A"
"12:27:34,7599519","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS",""
"12:27:34,7603102","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7609115","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,7620335","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7621977","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Hewlett-Packard","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7628354","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:34,7628764","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Hewlett-Packard\Shared","SUCCESS","Filter: Shared, 1: Shared"
"12:27:34,7631153","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,7634358","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Hewlett-Packard","SUCCESS",""
"12:27:34,7635599","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 4.096, Length: 8.704"
"12:27:34,7648842","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 4.608, Length: 4.096"
"12:27:34,7650069","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7652808","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Hewlett-Packard\Shared","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7659301","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe","SUCCESS","Filter: hpqWmiEx.exe, 1: hpqWmiEx.exe"
"12:27:34,7659698","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:34, LastWriteTime: 06.10.2013 12:27:34, ChangeTime: 06.10.2013 12:27:34, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:34,7664489","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","BUFFER OVERFLOW","Name: \Users"
"12:27:34,7665249","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Hewlett-Packard\Shared","SUCCESS",""
"12:27:34,7671127","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Name: \Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx"
"12:27:34,7679739","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryAttributeTagFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","Attributes: ANCI, ReparseTag: 0x0"
"12:27:34,7684548","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:34, LastWriteTime: 06.10.2013 12:27:34, ChangeTime: 06.10.2013 12:27:34, FileAttributes: ANCI"
"12:27:34,7687357","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 8.704, Length: 4.096"
"12:27:34,7696537","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7703376","FlashPlayerPlugin_11_8_800_168.exe","8216","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","ACCESS DENIED","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a"
"12:27:34,7709394","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS","CreationTime: 21.11.2010 05:24:15, LastAccessTime: 21.11.2010 05:24:15, LastWriteTime: 21.11.2010 05:24:15, ChangeTime: 11.05.2013 14:09:02, FileAttributes: A"
"12:27:34,7711811","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem\WmiPrvSE.exe","SUCCESS",""
"12:27:34,7721840","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7727098","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,7731096","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,7745525","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7751528","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,7756338","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,7772017","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7777214","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem","SUCCESS","Filter: wbem, 1: wbem"
"12:27:34,7781594","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,7790211","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:34,7795669","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\mswsock.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:34,7796863","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\wbem","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7801714","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\wbem\wmiprvse.exe","SUCCESS","Filter: wmiprvse.exe, 1: WmiPrvSE.exe"
"12:27:34,7806496","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\wbem","SUCCESS",""
"12:27:34,7815084","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7820281","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:34, LastWriteTime: 06.10.2013 12:27:34, ChangeTime: 06.10.2013 12:27:34, FileAttributes: DNCI"
"12:27:34,7822264","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:34,7828361","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7833161","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:34,7837500","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,7837826","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics\SynTP\SynTPHelper.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7843392","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Synaptics\SynTP\SynTPHelper.exe","SUCCESS","CreationTime: 14.09.2012 15:09:22, LastAccessTime: 18.11.2012 10:45:57, LastWriteTime: 14.09.2012 15:09:22, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:34,7845794","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics\SynTP\SynTPHelper.exe","SUCCESS",""
"12:27:34,7851215","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7855978","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:34,7859565","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,7860717","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Synaptics","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7865928","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Synaptics\SYNTP","SUCCESS","Filter: SYNTP, 1: SynTP"
"12:27:34,7869875","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Synaptics","SUCCESS",""
"12:27:34,7873276","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7878071","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Filter: Roaming, 1: Roaming"
"12:27:34,7881673","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,7896111","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7900897","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryDirectory","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Filter: EQGNPG4H, 1: EQGNPG4H"
"12:27:34,7904097","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,7922417","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7929386","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"12:27:34,7929689","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe","SUCCESS","CreationTime: 23.04.2013 18:59:50, LastAccessTime: 22.07.2013 21:33:15, LastWriteTime: 23.04.2013 18:59:50, ChangeTime: 22.07.2013 21:33:15, FileAttributes: ANCI"
"12:27:34,7934485","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe","SUCCESS",""
"12:27:34,7951480","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7955534","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:34, LastWriteTime: 06.10.2013 12:27:34, ChangeTime: 06.10.2013 12:27:34, FileAttributes: DNCI"
"12:27:34,7956933","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7957488","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:34,7962993","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:34,7967746","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:34,7988464","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,7993334","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 10:49:52, LastWriteTime: 06.10.2013 10:49:52, ChangeTime: 06.10.2013 10:49:52, FileAttributes: DNCI"
"12:27:34,7995331","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H","SUCCESS",""
"12:27:34,8019477","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8020965","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8025546","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe","SUCCESS","CreationTime: 23.04.2013 18:59:48, LastAccessTime: 22.07.2013 21:33:16, LastWriteTime: 23.04.2013 18:59:48, ChangeTime: 22.07.2013 21:33:16, FileAttributes: ANCI"
"12:27:34,8025779","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS","CreationTime: 06.10.2013 09:43:25, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,8027421","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects","SUCCESS",""
"12:27:34,8028359","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe","SUCCESS",""
"12:27:34,8045190","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8050266","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8050443","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:34,8054324","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 06.10.2013 09:43:25, LastWriteTime: 06.10.2013 09:43:25, ChangeTime: 06.10.2013 09:43:25, FileAttributes: DNCI"
"12:27:34,8054809","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files","SUCCESS",""
"12:27:34,8056274","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player","SUCCESS",""
"12:27:34,8079123","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8083168","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS","CreationTime: 11.05.2013 13:51:34, LastAccessTime: 11.05.2013 13:51:34, LastWriteTime: 11.05.2013 13:51:34, ChangeTime: 11.05.2013 13:51:34, FileAttributes: DNCI"
"12:27:34,8084087","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8084801","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia","SUCCESS",""
"12:27:34,8089368","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS","CreationTime: 11.05.2013 13:36:13, LastAccessTime: 11.05.2013 13:36:13, LastWriteTime: 24.07.2012 20:00:08, ChangeTime: 11.05.2013 13:36:13, FileAttributes: ANCI"
"12:27:34,8092115","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS",""
"12:27:34,8106465","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8108182","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8110813","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 06.10.2013 10:52:13, LastWriteTime: 06.10.2013 10:52:13, ChangeTime: 06.10.2013 10:52:13, FileAttributes: DNCI"
"12:27:34,8112450","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming","SUCCESS",""
"12:27:34,8113425","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Realtek","SUCCESS","Filter: Realtek, 1: Realtek"
"12:27:34,8120926","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:34,8136549","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8140902","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 14.07.2013 21:28:46, LastWriteTime: 14.07.2013 21:28:46, ChangeTime: 14.07.2013 21:28:46, FileAttributes: HDNCI"
"12:27:34,8142530","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData","SUCCESS",""
"12:27:34,8150600","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8156651","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe","SUCCESS","Filter: RIconMan.exe, 1: RIconMan.exe"
"12:27:34,8161083","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader","SUCCESS",""
"12:27:34,8164190","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8168197","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall","SUCCESS","CreationTime: 11.05.2013 13:16:06, LastAccessTime: 27.09.2013 14:14:39, LastWriteTime: 27.09.2013 14:14:39, ChangeTime: 27.09.2013 14:14:39, FileAttributes: D"
"12:27:34,8169811","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,8192315","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8196672","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 11.05.2013 13:16:06, LastWriteTime: 11.05.2013 13:16:06, ChangeTime: 11.05.2013 13:16:06, FileAttributes: RD"
"12:27:34,8198305","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users","SUCCESS",""
"12:27:34,8203973","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8205167","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8208722","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,8210849","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe","SUCCESS","CreationTime: 11.05.2013 13:23:00, LastAccessTime: 11.05.2013 13:23:00, LastWriteTime: 12.03.2013 13:20:32, ChangeTime: 11.05.2013 09:36:10, FileAttributes: A"
"12:27:34,8216354","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8218831","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe","SUCCESS",""
"12:27:34,8223211","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\","SUCCESS","CreationTime: 14.07.2009 04:38:56, LastAccessTime: 06.10.2013 10:28:28, LastWriteTime: 06.10.2013 10:28:28, ChangeTime: 06.10.2013 10:28:28, FileAttributes: HSDNCI"
"12:27:34,8225548","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\","SUCCESS",""
"12:27:34,8233180","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","CreationTime: 06.10.2013 12:25:14, LastAccessTime: 06.10.2013 12:27:34, LastWriteTime: 06.10.2013 12:27:34, ChangeTime: 06.10.2013 12:27:34, FileAttributes: ANCI"
"12:27:34,8242501","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8244446","FlashPlayerPlugin_11_8_800_168.exe","8196","CreateFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8250068","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:34,8256501","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:34,8285405","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8291493","FlashPlayerPlugin_11_8_800_168.exe","8196","SetRenameInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sxx","SUCCESS","ReplaceIfExists: False, FileName: C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol"
"12:27:34,8293018","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL","SUCCESS","Filter: DAL, 1: DAL"
"12:27:34,8298668","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS",""
"12:27:34,8338077","FlashPlayerPlugin_11_8_800_168.exe","8196","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS",""
"12:27:34,8339682","FlashPlayerPlugin_11_8_800_168.exe","8196","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:34, LastWriteTime: 06.10.2013 12:27:34, ChangeTime: 06.10.2013 12:27:34, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: DNCI"
"12:27:34,8339971","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8347543","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS","CreationTime: 11.05.2013 13:22:45, LastAccessTime: 11.05.2013 13:22:45, LastWriteTime: 12.03.2013 13:20:34, ChangeTime: 11.05.2013 09:36:10, FileAttributes: A"
"12:27:34,8351233","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS",""
"12:27:34,8358454","FlashPlayerPlugin_11_8_800_168.exe","8216","CloseFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS",""
"12:27:34,8366492","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryNetworkOpenInformationFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","CreationTime: 06.10.2013 10:49:52, LastAccessTime: 06.10.2013 12:27:34, LastWriteTime: 06.10.2013 12:27:34, ChangeTime: 06.10.2013 12:27:34, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: ANCI"
"12:27:34,8372421","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8379633","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:34,8381737","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EQGNPG4H\streamcloud.eu\com.jeroenwijering.sol","SUCCESS","Offset: 0, Length: 54, I/O Flags: Synchronous"
"12:27:34,8385278","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:34,8409765","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8414999","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS","SUCCESS","Filter: LMS, 1: LMS"
"12:27:34,8419785","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components","SUCCESS",""
"12:27:34,8434279","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8439457","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe","SUCCESS","Filter: LMS.exe, 1: LMS.exe"
"12:27:34,8443450","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS","SUCCESS",""
"12:27:34,8481592","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Internet Explorer\ielowutil.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8487152","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Internet Explorer\ielowutil.exe","SUCCESS","CreationTime: 11.05.2013 15:01:08, LastAccessTime: 11.05.2013 15:01:08, LastWriteTime: 11.05.2013 15:01:08, ChangeTime: 11.05.2013 15:05:08, FileAttributes: A"
"12:27:34,8489592","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Internet Explorer\ielowutil.exe","SUCCESS",""
"12:27:34,8539419","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8546692","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe","SUCCESS","CreationTime: 13.05.2013 16:08:26, LastAccessTime: 15.09.2013 13:17:55, LastWriteTime: 22.07.2013 00:25:30, ChangeTime: 15.09.2013 13:17:55, FileAttributes: ANCI"
"12:27:34,8550284","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe","SUCCESS",""
"12:27:34,8586363","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\svchost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8600801","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\svchost.exe","SUCCESS","CreationTime: 14.07.2009 01:31:13, LastAccessTime: 14.07.2009 01:31:13, LastWriteTime: 14.07.2009 03:39:46, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:34,8603245","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\svchost.exe","SUCCESS",""
"12:27:34,8612062","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8621266","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,8626883","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,8643327","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8648939","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,8653007","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,8670622","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8677041","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\svchost.exe","SUCCESS","Filter: svchost.exe, 1: svchost.exe"
"12:27:34,8681827","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,8716749","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8723938","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS","CreationTime: 20.06.2012 18:14:18, LastAccessTime: 11.05.2013 14:43:43, LastWriteTime: 20.06.2012 18:14:18, ChangeTime: 11.05.2013 14:43:53, FileAttributes: A"
"12:27:34,8727591","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS",""
"12:27:34,8747245","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8751238","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.399.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8754037","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Winamp","SUCCESS","Filter: Winamp, 1: Winamp"
"12:27:34,8754858","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.399.819, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8757251","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.399.819, Length: 1.460"
"12:27:34,8759327","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:34,8760843","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.401.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8777754","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Winamp","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8781070","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.401.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8783930","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.403.392, EndOfFile: 409.401.279, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8784532","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Winamp\winamp.exe","SUCCESS","Filter: winamp.exe, 1: winamp.exe"
"12:27:34,8788707","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.401.279, Length: 5.840, Priority: Normal"
"12:27:34,8789757","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Winamp","SUCCESS",""
"12:27:34,8807978","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.407.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8811575","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.407.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8814365","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.407.119, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8817201","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.407.119, Length: 1.460"
"12:27:34,8820826","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.408.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8832460","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8839248","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS","CreationTime: 01.10.2013 13:42:31, LastAccessTime: 01.10.2013 13:42:43, LastWriteTime: 01.10.2013 13:42:43, ChangeTime: 05.10.2013 09:23:33, FileAttributes: A"
"12:27:34,8842098","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS",""
"12:27:34,8844505","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.408.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8847323","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.408.579, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8849403","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.408.579, Length: 2.920"
"12:27:34,8852557","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.411.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8861728","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Mozilla Firefox","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8867368","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Mozilla Firefox\firefox.exe","SUCCESS","Filter: firefox.exe, 1: firefox.exe"
"12:27:34,8871795","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Mozilla Firefox","SUCCESS",""
"12:27:34,8882376","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.411.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8885599","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.411.499, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8887274","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.411.499, Length: 2.920"
"12:27:34,8890460","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.414.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8913440","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.414.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8917121","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.414.419, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8919873","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.414.419, Length: 1.460"
"12:27:34,8923129","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8923875","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.415.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8930322","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe","SUCCESS","CreationTime: 06.11.2012 09:18:34, LastAccessTime: 11.05.2013 13:42:02, LastWriteTime: 06.11.2012 09:18:34, ChangeTime: 11.05.2013 13:42:02, FileAttributes: A"
"12:27:34,8933924","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe","SUCCESS",""
"12:27:34,8947714","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.415.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8951264","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.415.879, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8952019","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8953312","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.415.879, Length: 2.920"
"12:27:34,8956456","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.418.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8958028","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Intel","SUCCESS","Filter: Intel, 1: Intel"
"12:27:34,8962422","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)","SUCCESS",""
"12:27:34,8978899","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.418.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8982505","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.418.799, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8985705","Windows7FirewallService.exe","2128","QueryOpen","D:\Progs\Firefox 19.0.2 portable\Firefox\firefox.exe","SUCCESS","CreationTime: 03.10.2013 16:41:28, LastAccessTime: 03.10.2013 16:41:43, LastWriteTime: 03.10.2013 16:41:43, ChangeTime: 03.10.2013 16:46:19, AllocationSize: 278.528, EndOfFile: 274.840, FileAttributes: ANCI"
"12:27:34,8986055","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.418.799, Length: 2.920"
"12:27:34,8989699","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.421.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,8992124","Windows7FirewallService.exe","2128","CreateFile","D:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,8998506","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs","SUCCESS","Filter: Progs, 1: Progs"
"12:27:34,9003325","Windows7FirewallService.exe","2128","CloseFile","D:\","SUCCESS",""
"12:27:34,9009800","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.421.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9012930","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.421.719, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9015011","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.421.719, Length: 1.460"
"12:27:34,9023436","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.423.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9027005","Windows7FirewallService.exe","2128","CreateFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9035033","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS","Filter: Firefox, 1: Firefox"
"12:27:34,9041070","Windows7FirewallService.exe","2128","CloseFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS",""
"12:27:34,9045119","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.423.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9048338","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.423.179, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9050381","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.423.179, Length: 2.920"
"12:27:34,9054332","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.426.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9060392","Windows7FirewallService.exe","2128","CreateFile","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9068500","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs\Firefox 19.0.2 portable\Firefox\firefox.exe","SUCCESS","Filter: firefox.exe, 1: firefox.exe"
"12:27:34,9077471","Windows7FirewallService.exe","2128","CloseFile","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS",""
"12:27:34,9079630","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.426.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9082439","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.426.099, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9084412","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.426.099, Length: 2.920"
"12:27:34,9087608","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.429.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9110326","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.429.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9113545","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.429.019, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9118518","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.429.019, Length: 1.460"
"12:27:34,9118956","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9122903","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.430.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9127013","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS","CreationTime: 18.07.2012 20:47:26, LastAccessTime: 06.10.2013 10:27:28, LastWriteTime: 18.07.2012 20:47:26, ChangeTime: 06.10.2013 10:27:28, FileAttributes: A"
"12:27:34,9130222","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS",""
"12:27:34,9143518","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.430.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9146013","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.430.479, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9149144","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.430.479, Length: 5.840"
"12:27:34,9149885","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9152418","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.436.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9155857","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Nuance","SUCCESS","Filter: Nuance, 1: Nuance"
"12:27:34,9160274","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files","SUCCESS",""
"12:27:34,9174283","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.436.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9177134","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.436.319, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9179536","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.436.319, Length: 1.460"
"12:27:34,9182755","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.437.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9192453","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files (x86)\Common Files\Nuance","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9200426","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe","SUCCESS","Filter: dgnsvc.exe, 1: dgnsvc.exe"
"12:27:34,9206024","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files (x86)\Common Files\Nuance","SUCCESS",""
"12:27:34,9206364","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.437.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9209700","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.437.779, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9212112","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.437.779, Length: 2.920"
"12:27:34,9214939","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.440.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9236794","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.440.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9238861","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.440.699, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9240494","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.440.699, Length: 2.920"
"12:27:34,9242877","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.443.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9245742","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\taskhost.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9260231","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\taskhost.exe","SUCCESS","CreationTime: 11.05.2013 14:09:45, LastAccessTime: 11.05.2013 14:09:45, LastWriteTime: 23.11.2012 05:13:57, ChangeTime: 11.05.2013 14:55:03, FileAttributes: A"
"12:27:34,9263375","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\taskhost.exe","SUCCESS",""
"12:27:34,9269057","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.443.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9272645","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.443.619, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9272682","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9275085","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.443.619, Length: 2.920"
"12:27:34,9278695","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.446.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9279852","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,9284298","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,9299086","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.446.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9301153","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9301899","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.446.539, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9303966","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.446.539, Length: 1.460"
"12:27:34,9307156","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.447.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9308323","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:34,9313608","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,9332315","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.447.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9334339","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.447.999, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9336364","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.447.999, Length: 2.920"
"12:27:34,9341542","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.450.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9343170","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9349962","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\taskhost.exe","SUCCESS","Filter: taskhost.exe, 1: taskhost.exe"
"12:27:34,9355980","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:34,9361028","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.450.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9363024","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.450.919, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9364289","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.450.919, Length: 1.460"
"12:27:34,9366673","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.452.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9388906","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9394140","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.452.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9396067","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS","CreationTime: 16.12.2012 13:25:38, LastAccessTime: 13.05.2013 10:47:49, LastWriteTime: 16.12.2012 13:25:38, ChangeTime: 15.05.2013 16:20:59, FileAttributes: ANCI"
"12:27:34,9397737","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.452.379, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9399691","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS",""
"12:27:34,9399789","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.452.379, Length: 5.840"
"12:27:34,9404170","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.458.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9419737","Windows7FirewallService.exe","2128","CreateFile","C:\Program Files\Sandboxie","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9424579","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.458.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9426184","Windows7FirewallService.exe","2128","QueryDirectory","C:\Program Files\Sandboxie\SbieCtrl.exe","SUCCESS","Filter: SbieCtrl.exe, 1: SbieCtrl.exe"
"12:27:34,9427756","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.458.219, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9430191","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.458.219, Length: 2.920"
"12:27:34,9431427","Windows7FirewallService.exe","2128","CloseFile","C:\Program Files\Sandboxie","SUCCESS",""
"12:27:34,9433848","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.461.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9450652","Windows7FirewallService.exe","2128","QueryOpen","D:\Progs\Firefox 19.0.2 portable\Firefox\plugin-container.exe","SUCCESS","CreationTime: 03.10.2013 16:41:29, LastAccessTime: 03.10.2013 16:41:42, LastWriteTime: 03.10.2013 16:41:42, ChangeTime: 03.10.2013 16:41:42, AllocationSize: 20.480, EndOfFile: 17.816, FileAttributes: ANCI"
"12:27:34,9453050","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.461.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9455891","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.461.139, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9456693","Windows7FirewallService.exe","2128","CreateFile","D:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9458256","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.461.139, Length: 4.380"
"12:27:34,9461498","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.465.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9464833","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs","SUCCESS","Filter: Progs, 1: Progs"
"12:27:34,9470861","Windows7FirewallService.exe","2128","CloseFile","D:\","SUCCESS",""
"12:27:34,9486218","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.465.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9489824","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.468.928, EndOfFile: 409.465.519, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9492091","Windows7FirewallService.exe","2128","CreateFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9494647","FlashPlayerPlugin_11_8_800_168.exe","8216","WriteFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","Offset: 409.465.519, Length: 5.840, Priority: Normal"
"12:27:34,9499326","Windows7FirewallService.exe","2128","QueryDirectory","D:\Progs\Firefox 19.0.2 portable\Firefox","SUCCESS","Filter: Firefox, 1: Firefox"
"12:27:34,9504519","Windows7FirewallService.exe","2128","CloseFile","D:\Progs\Firefox 19.0.2 portable","SUCCESS",""
"12:27:34,9513125","FlashPlayerPlugin_11_8_800_168.exe","8216","ReadFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","END OF FILE","Offset: 409.468.928, Length: 32.768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"12:27:34,9520729","FlashPlayerPlugin_11_8_800_168.exe","8216","QueryStandardInformationFile","C:\Users\wonderwall\AppData\Local\Temp\acro_rd_dir\fla90B8.tmp","SUCCESS","AllocationSize: 409.534.464, EndOfFile: 409.471.359, NumberOfLinks: 1, DeletePending: False, Directory: False"
"12:27:34,9553926","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9561502","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","CreationTime: 10.09.2013 18:54:10, LastAccessTime: 10.09.2013 18:54:10, LastWriteTime: 10.09.2013 18:54:10, ChangeTime: 10.09.2013 18:54:10, FileAttributes: A"
"12:27:34,9565891","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS",""
"12:27:34,9575562","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9581165","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,9585214","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,9601238","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9606869","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:34,9610895","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,9638945","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9647370","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed","SUCCESS","Filter: Macromed, 1: Macromed"
"12:27:34,9654526","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:34,9682050","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9690134","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed\Flash","SUCCESS","Filter: Flash, 1: Flash"
"12:27:34,9695718","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed","SUCCESS",""
"12:27:34,9744668","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9751456","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS","CreationTime: 10.09.2013 18:54:10, LastAccessTime: 10.09.2013 18:54:10, LastWriteTime: 10.09.2013 18:54:10, ChangeTime: 10.09.2013 18:54:10, FileAttributes: A"
"12:27:34,9754315","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe","SUCCESS",""
"12:27:34,9763104","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9768352","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:34,9772765","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,9788365","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9793599","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64","SUCCESS","Filter: SysWOW64, 1: SysWOW64"
"12:27:34,9798017","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:34,9814447","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9821249","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed","SUCCESS","Filter: Macromed, 1: Macromed"
"12:27:34,9826856","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:34,9858583","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\SysWOW64\Macromed","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9866205","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\SysWOW64\Macromed\Flash","SUCCESS","Filter: Flash, 1: Flash"
"12:27:34,9871360","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\SysWOW64\Macromed","SUCCESS",""
"12:27:34,9903101","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9908745","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS","CreationTime: 27.09.2013 20:28:05, LastAccessTime: 27.09.2013 20:28:05, LastWriteTime: 31.05.2013 15:54:54, ChangeTime: 27.09.2013 20:28:05, FileAttributes: A"
"12:27:34,9911502","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS",""
"12:27:34,9920767","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9927140","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:34,9931567","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:34,9947204","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9952428","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\Desktop","SUCCESS","Filter: Desktop, 1: Desktop"
"12:27:34,9956431","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:34,9971322","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\Desktop","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:34,9976505","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\Desktop\Procmon.exe","SUCCESS","Filter: Procmon.exe, 1: Procmon.exe"
"12:27:34,9980493","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\Desktop","SUCCESS",""
"12:27:35,0008987","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32\taskmgr.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:35,0013232","SavService.exe","1536","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access"
"12:27:35,0018839","SavService.exe","1536","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"12:27:35,0022068","SavService.exe","1536","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"12:27:35,0023476","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Windows\System32\taskmgr.exe","SUCCESS","CreationTime: 21.11.2010 05:24:24, LastAccessTime: 21.11.2010 05:24:24, LastWriteTime: 21.11.2010 05:24:24, ChangeTime: 11.05.2013 14:07:41, FileAttributes: A"
"12:27:35,0024857","SavService.exe","1536","RegSetInfoKey","HKCU\Control Panel\International","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"12:27:35,0026266","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32\taskmgr.exe","SUCCESS",""
"12:27:35,0026840","SavService.exe","1536","RegCloseKey","HKCU","SUCCESS",""
"12:27:35,0028837","SavService.exe","1536","RegQueryValue","HKCU\Control Panel\International\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: de-DE"
"12:27:35,0030880","SavService.exe","1536","RegCloseKey","HKCU\Control Panel\International","SUCCESS",""
"12:27:35,0039613","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:35,0047212","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:35,0052479","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:35,0067808","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\AudioSes.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Synchronous"
"12:27:35,0072580","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\AudioSes.dll.mui","SUCCESS","Offset: 0, Length: 4.096, I/O Flags: Non-cached, Paging I/O, Priority: Normal"
"12:27:35,0076163","svchost.exe","1528","UDP Receive","ff02::1:3:llmnr -> Rebecca-PC:65206","SUCCESS","Length: 22, seqnum: 0, connid: 0"
"12:27:35,0076359","Windows7FirewallService.exe","2128","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:35,0080632","svchost.exe","1528","UDP Receive","224.0.0.252:llmnr -> buntes192.wohnheim.uni-kl.de:61441","SUCCESS","Length: 22, seqnum: 0, connid: 0"
"12:27:35,0082769","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\system32","SUCCESS","Filter: system32, 1: System32"
"12:27:35,0087588","Windows7FirewallService.exe","2128","CloseFile","C:\Windows","SUCCESS",""
"12:27:35,0095089","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\AudioSes.dll.mui","SUCCESS","Offset: 184, Length: 4.096"
"12:27:35,0103299","Windows7FirewallService.exe","2128","CreateFile","C:\Windows\System32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:35,0108860","Windows7FirewallService.exe","2128","QueryDirectory","C:\Windows\System32\taskmgr.exe","SUCCESS","Filter: taskmgr.exe, 1: taskmgr.exe"
"12:27:35,0113268","Windows7FirewallService.exe","2128","CloseFile","C:\Windows\System32","SUCCESS",""
"12:27:35,0113595","SavService.exe","1536","ReadFile","C:\Windows\SysWOW64\de-DE\AudioSes.dll.mui","SUCCESS","Offset: 0, Length: 4.096"
"12:27:35,0120396","SavService.exe","1536","ReadFile","C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C","SUCCESS","Offset: 2.426.496, Length: 16.200"
"12:27:35,0140409","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64\de-DE","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:35,0144477","SavService.exe","1536","QueryDirectory","C:\Windows\SysWOW64\de-DE\AUDIOSES.DLL.mui","SUCCESS","Filter: AUDIOSES.DLL.mui, 1: AudioSes.dll.mui"
"12:27:35,0146208","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:35,0148848","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64\de-DE","SUCCESS",""
"12:27:35,0152230","Windows7FirewallService.exe","2128","QueryBasicInformationFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS","CreationTime: 06.10.2013 12:25:43, LastAccessTime: 06.10.2013 12:25:43, LastWriteTime: 06.10.2013 12:25:47, ChangeTime: 06.10.2013 12:25:47, FileAttributes: HA"
"12:27:35,0154647","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall\AppData\Local\Temp\Procmon64.exe","SUCCESS",""
"12:27:35,0162223","Windows7FirewallService.exe","2128","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:35,0167457","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users","SUCCESS","Filter: Users, 1: Users"
"12:27:35,0171837","Windows7FirewallService.exe","2128","CloseFile","C:\","SUCCESS",""
"12:27:35,0180580","SavService.exe","1536","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:35,0190712","SavService.exe","1536","QueryBasicInformationFile","C:\Windows","SUCCESS","CreationTime: 14.07.2009 05:20:08, LastAccessTime: 06.10.2013 10:57:07, LastWriteTime: 06.10.2013 10:57:07, ChangeTime: 06.10.2013 10:57:07, FileAttributes: D"
"12:27:35,0193460","SavService.exe","1536","CloseFile","C:\Windows","SUCCESS",""
"12:27:35,0195214","Windows7FirewallService.exe","2128","CreateFile","C:\Users","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:35,0201903","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:35,0202916","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\WONDER~1","SUCCESS","Filter: WONDER~1, 1: wonderwall"
"12:27:35,0206302","SavService.exe","1536","QueryDirectory","C:\Windows","SUCCESS","Filter: Windows, 1: Windows"
"12:27:35,0210370","SavService.exe","1536","CloseFile","C:\","SUCCESS",""
"12:27:35,0210944","Windows7FirewallService.exe","2128","CloseFile","C:\Users","SUCCESS",""
"12:27:35,0233052","Windows7FirewallService.exe","2128","CreateFile","C:\Users\wonderwall","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"12:27:35,0239489","Windows7FirewallService.exe","2128","QueryDirectory","C:\Users\wonderwall\AppData","SUCCESS","Filter: AppData, 1: AppData"
"12:27:35,0242843","SavService.exe","1536","CreateFile","C:\Windows\SysWOW64","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"
"12:27:35,0243902","Windows7FirewallService.exe","2128","CloseFile","C:\Users\wonderwall","SUCCESS",""
"12:27:35,0246459","SavService.exe","1536","QueryBasicInformationFile","C:\Windows\SysWOW64","SUCCESS","CreationTime: 14.07.2009 05:20:14, LastAccessTime: 06.10.2013 10:27:42, LastWriteTime: 06.10.2013 10:27:42, ChangeTime: 06.10.2013 10:27:42, FileAttributes: D"
"12:27:35,0248418","SavService.exe","1536","CloseFile","C:\Windows\SysWOW64","SUCCESS",""
"12:27:35,0254828","SavService.exe","1536","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: Error3725\wonderwall, OpenResult: Opened"